Last 7 Days (July 01 – July 07, 2026)
Crowdsourced fact-checking systems have been adopted by major social media companies such as X, Meta, TikTok and Google with the aim of combating misleading information at scale without relying on centralized editorial control. These systems have been developed around a common underlying concept: a bridging mechanism that identifies notes flagging misleading information when they receive support from people with different perspectives rather than simple majority support. To our knowledge the only publicly disclosed bridging algorithms deployed for fact-checking are based on matrix factorization, as deployed by both X and Meta, augmented with additional components addressing abuse, targeted manipulation, and contributor brigades. This work examines the core matrix factorization portion of these systems, presenting theoretical and empirical evaluations of the degree to which coordinated users could vote strategically by leveraging the latent representations to fabricate the appearance of synthetic consensus within the bridging mechanism. Using historic production data, we find that up to 10.7% of lower quality notes could be manipulated above consensus thresholds using less than 10 ratings. We complement these findings with a theoretical analysis, revealing counterintuitively that rating a note as "Not Helpful" can increase its helpfulness score, as well as a cost model quantifying manipulation effort. We have developed and deployed mitigations within X's Community Notes algorithm to address synthetic consensus.
Primary: Stanford University
All Institutions: Stanford University, X Community Notes, xAI
This work has significant broader impact, particularly for social media platforms and the field of adversarial machine learning. It proactively identifies a critical vulnerability in crowdsourced fact-checking systems (like X, Meta, TikTok, Google) that rely on matrix factorization for "bridging consensus." By demonstrating how coordinated adversaries can fabricate synthetic consensus, the paper highlights a fundamental challenge in designing robust, decentralized content moderation systems. The theoretical insights, especially the counterintuitive "Not Helpful" rating effect, contribute to a deeper understanding of MF-based systems. Most importantly, the paper's findings directly led to the development and *deployment of mitigations* (population sample filtering) within X's Community Notes algorithm, demonstrating a direct translation of research into real-world system improvements. This sets a high bar for impactful research in platform security and responsible AI, encouraging transparency and open collaboration between academia and industry to strengthen critical public-facing systems. This paper presents a rigorous analysis of coordinated manipulation in matrix factorization-based crowdsourced fact-checking, demonstrating a practical attack on production data and leading to the deployment of mitigations in X's Community Notes. The work combines theoretical derivations, empirical validation on a large-scale real-world dataset, and a practical cost model to expose a significant vulnerability in systems designed to combat misinformation, offering both novel insights into adversarial ML and direct, actionable solutions for platform security.
The paper presents a well-structured and rigorous methodology for analyzing coordinated manipulation in crowdsourced fact-checking systems, specifically focusing on the core matrix factorization (MF) component. The two-phase attack strategy is logically sound: first, adversarial accounts establish diverse positions in the latent factor space by strategically rating existing notes; second, these accounts coordinate to boost a target note's helpfulness score. This approach directly targets the "bridging" mechanism designed to ensure diverse agreement. The theoretical analysis of the Manipulation Resistance Score (MRS) is a significant contribution, providing a closed-form expression for the optimal single rating injection in a 1-dimensional factor space, which is the production setting for X. The derivation, detailed in the appendix, is thorough and correct. A particularly novel and counterintuitive finding is that rating a note as "Not Helpful" can, under specific conditions related to the geometry of existing ratings, increase its helpfulness score. This highlights a subtle vulnerability in the MF model. The cost model for the full attack provides a practical framework for understanding the economic feasibility of such manipulations and for evaluating potential mitigations. The methodology is strong in its combination of theoretical derivation, practical attack formulation, and cost analysis.
The experimental evaluation is robust and highly impactful due to its use of historic production data from X Community Notes (Jan 2021 - Jan 2025). This real-world dataset lends significant credibility to the findings. The ability to predict note parameters ($f_n, i_n$) from text using a Voyage embedding model and a shallow MLP is empirically demonstrated with reasonable accuracy, validating the feasibility of Phase 1 of the attack. The simulation showing that 100 adversarial accounts can achieve diverse factor positions across the spectrum $[-0.4, 0.4]$ further supports the attack's practicality. The quantification of MRS is a key empirical result, demonstrating that up to 10.7% of lower-quality notes could be manipulated above consensus thresholds using fewer than 10 ratings. This is a stark and actionable finding. The cost model, while simplified, provides concrete estimates (e.g., $30.50 for a single note manipulation) and effectively highlights the dominant cost factors (account maintenance). The paper also discusses the effectiveness of deployed mitigations, such as population sample filtering, which is a strong indicator of real-world impact. The experiments are well-designed to validate the theoretical claims and quantify the practical threat.
The paper demonstrates a strong commitment to reproducibility. It explicitly states that the analysis is based on the "open data and source code of X Community Notes," which facilitates independent study. The dataset used is publicly released, and the specific embedding model (Voyage-3-large) is identified. Hyperparameter and implementation details for the prediction model are promised in the appendix (though the appendix provided in the prompt is truncated before these details). The computational resources are specified, and the total wall-clock time for experiments is given. The full derivation for optimal rating injection is provided in the appendix. The authors also state that X deployed mitigations and released them as part of the open-source algorithm, further enhancing reproducibility and real-world impact.
The paper openly discusses several limitations. Firstly, it acknowledges that production Community Notes implementations include anti-abuse components (e.g., Correlated Rater Detection, Rater Engagement Intercept, Net Helpful Minimums) that are not fully incorporated into the core analysis. While these are discussed qualitatively, their quantitative impact on the attack's cost and success rate is not fully modeled. Secondly, the analysis is conducted in a static setting, not accounting for dynamic feedback loops where a surfaced "Helpful" note might attract more ratings, potentially changing its status. Thirdly, the MRS computation uses a greedy algorithm, which might be a conservative approximation compared to exact combinatorial optimization. Additionally, the note parameter prediction model uses only note text, ignoring post content or URLs, which could lead to underestimation of attacker capabilities. Finally, the cost model is a simplified abstraction and doesn't capture all nuances of attacker utility or sophisticated evasion strategies.
This work has significant broader impact, particularly for social media platforms and the field of adversarial machine learning. It proactively identifies a critical vulnerability in crowdsourced fact-checking systems (like X, Meta, TikTok, Google) that rely on matrix factorization for "bridging consensus." By demonstrating how coordinated adversaries can fabricate synthetic consensus, the paper highlights a fundamental challenge in designing robust, decentralized content moderation systems. The theoretical insights, especially the counterintuitive "Not Helpful" rating effect, contribute to a deeper understanding of MF-based systems. Most importantly, the paper's findings directly led to the development and *deployment of mitigations* (population sample filtering) within X's Community Notes algorithm, demonstrating a direct translation of research into real-world system improvements. This sets a high bar for impactful research in platform security and responsible AI, encouraging transparency and open collaboration between academia and industry to strengthen critical public-facing systems. This paper presents a rigorous analysis of coordinated manipulation in matrix factorization-based crowdsourced fact-checking, demonstrating a practical attack on production data and leading to the deployment of mitigations in X's Community Notes. The work combines theoretical derivations, empirical validation on a large-scale real-world dataset, and a practical cost model to expose a significant vulnerability in systems designed to combat misinformation, offering both novel insights into adversarial ML and direct, actionable solutions for platform security.
Memory expertise is a learned skill: knowing what to encode, when to retrieve, and how to organize knowledge--a capacity known in cognitive science as metamemory. We bring this perspective to LLMs by treating memory management as a trainable skill. We promote file-system operations to first-class memory actions alongside task actions, letting the model itself decide how to manage its memory. This memory skill improves along two axes: the structure that supports it (prompts, file schemas, action vocabulary), and the proficiency of the model exercising it. Both axes resist manual optimization: episodes in long-horizon tasks run for thousands of steps, and a single memory mistake can hide long before it surfaces, making human review of full trajectories impractical. We introduce AutoMem, a framework that automates both axes. In the first loop, a strong LLM reviews complete agent trajectories and iteratively revises the memory structure that shapes how the agent interacts with its memory files. In the second loop, the agent's own good memory decisions are identified from many episodes and used as training signal to sharpen the model's memory proficiency directly. Across three procedurally generated long-horizon games (Crafter, MiniHack, and NetHack), optimizing memory alone--without modifying the model's task-action behavior--improved the base agent's performance ~2x-4x, bringing a 32B open-weight model competitive with frontier systems such as Claude Opus 4.5 and Gemini 3.1 Pro Thinking. Our results show that memory management is an independently learnable skill, and a high-leverage objective yielding large gains on long-horizon tasks.
Primary: Stanford University
All Institutions: Stanford University
The paper's findings have substantial broader implications. By demonstrating that automated memory optimization can significantly enhance LLM agent performance on long-horizon tasks, it offers a practical pathway for open-weight models to achieve capabilities comparable to frontier proprietary systems. This could democratize access to advanced agentic AI, making sophisticated LLM agents more accessible for research and development. The methodology of using meta-LLMs for trajectory-level review and targeted revision is a generalizable workflow that could be applied to optimize other agent capabilities beyond memory, potentially accelerating agent development across various domains. While the current applications are in games, the underlying principles are highly transferable to real-world tasks requiring complex, long-term information management. The authors responsibly note that the released artifacts are not directly applicable to high-stakes deployment without further safety review, acknowledging the ethical considerations. This paper introduces AutoMem, a novel framework that automates the learning of memory as a cognitive skill for LLM agents by iteratively optimizing both the memory's supporting structure (scaffold) and the model's proficiency in using it, yielding significant performance gains on long-horizon tasks and making open-weight models competitive with frontier systems. The work presents a highly innovative approach to a critical challenge in LLM agent development, leveraging meta-LLMs to automate the optimization of memory management in long-horizon tasks where human review is intractable. Its strong empirical results, demonstrating substantial performance improvements solely from memory optimization and bringing a 32B open-weight model to the level of frontier proprietary systems, highlight memory as a high-leverage objective and offer a promising direction for developing more capable, efficient, and accessible AI agents.
The methodology proposed in AutoMem is exceptionally well-conceived and technically sound. The central idea of treating memory management as a "trainable skill" for LLMs, drawing inspiration from cognitive science's metamemory, is a powerful conceptual shift. By promoting file-system operations (read, write, search, append, create) to first-class actions within the LLM's action space, the framework provides a flexible, observable, and controllable interface for external memory. The core technical contribution is the two-loop AutoMem framework. The first loop, scaffold optimization, leverages a powerful meta-LLM (Claude Opus 4.6) to review complete, long-horizon agent trajectories (up to $10^5$ steps) and iteratively revise the agent's code, prompts, and memory file schema. This addresses a critical bottleneck in long-horizon task development, where human review of such extensive traces is impractical. The meta-LLM effectively acts as a "code reviewer," diagnosing memory-related failures and proposing concrete structural improvements (e.g., coordinate-keyed deduplication, auto-synced inventory files, pre-populated strategy guides). The second loop, proficiency training, focuses on enhancing the model's parametric ability to make optimal memory decisions. Here, a meta-LLM (Claude Opus 4.7) acts as a "training engine," curating high-quality supervised training data from the agent's own experience and orchestrating the LoRA finetuning configuration. The architectural separation of a finetuned "memory specialist" model from the frozen "gameplay model" is a clever design choice, ensuring that memory skill acquisition is targeted and does not degrade the base model's existing task competence. This modularity allows for clean, additive gains. The overall framework is coherent, addresses a significant challenge in LLM agent development, and is grounded in a strong theoretical perspective.
The experimental evaluation is rigorous and highly convincing. The paper selects three challenging, procedurally generated long-horizon games—Crafter, MiniHack, and NetHack—which are ideal environments for testing sophisticated memory management due to their length, stochasticity, and the inherent need for persistent knowledge (e.g., maps, inventory, strategies). The use of the BALROG harness ensures a standardized and challenging benchmark. The primary metric, game progression rate, is appropriate for these complex tasks. The results are remarkably strong: optimizing memory *alone*, without modifying the base model's task-action weights, yields substantial performance gains of 2x-4x across all environments. This empirically validates the paper's central hypothesis that memory management is an independently learnable and high-leverage skill. Furthermore, the optimized 32B open-weight model achieves performance competitive with frontier proprietary systems such as Claude Opus 4.5 and Gemini 3.1 Pro Thinking, a highly impactful finding that suggests memory optimization can significantly close the gap between open-source and state-of-the-art proprietary models on these tasks. The paper also provides compelling qualitative evidence, including a significant reduction in unproductive actions, a sharp decrease in redundant memory writes, and the emergence of a "consult-before-write" memory discipline in the trained specialist. The detailed examples of memory schema evolution (e.g., NetHack's coordinate-keyed map deduplication) further illustrate the concrete benefits of the scaffold optimization. The inclusion of strong baselines, including frontier proprietary models and basic context-management strategies, provides a comprehensive comparison.
The paper demonstrates an excellent commitment to reproducibility. A dedicated appendix provides comprehensive implementation details, including specific configurations for all three game environments (Crafter, MiniHack, NetHack), such as world area, agent view, reward settings, maximum episode steps, and evaluation seeds. Crucially, it details the outer-loop processes, specifying the meta-LLMs used (Claude Opus 4.6/4.7), the criteria for accepting revisions, retry mechanisms, training data collection procedures, and the exact LoRA hyperparameters (rank, alpha, dropout, effective batch size, learning rate, number of training epochs, and target modules) for each environment. The explicit mention of releasing the complete prompt templates and code at `https://github.com/autoLearnMem/AutoMem` is a significant strength, enabling researchers to replicate and build upon this work. This level of detail is commendable and sets a high standard for reproducibility in LLM agent research.
The authors thoughtfully acknowledge several limitations. The current memory system is episodic, meaning the file system starts fresh at the beginning of each episode, which prevents knowledge transfer across sessions. Extending this to persistent memory is identified as a natural next step. The experiments are conducted on game environments, which, while well-suited for studying memory, suggest a need to validate the approach on real-world, memory-intensive tasks. Additionally, the current framework optimizes a separate scaffold and memory specialist for each game, raising the question of whether a single, more generalized scaffold or specialist could be developed to operate effectively across diverse environments. An implicit limitation, common to meta-LLM-driven approaches, is the reliance on powerful proprietary models (Claude Opus) as meta-LLMs, which entails cost and potential for brittleness, though the iterative refinement and gating mechanisms help mitigate this.
The paper's findings have substantial broader implications. By demonstrating that automated memory optimization can significantly enhance LLM agent performance on long-horizon tasks, it offers a practical pathway for open-weight models to achieve capabilities comparable to frontier proprietary systems. This could democratize access to advanced agentic AI, making sophisticated LLM agents more accessible for research and development. The methodology of using meta-LLMs for trajectory-level review and targeted revision is a generalizable workflow that could be applied to optimize other agent capabilities beyond memory, potentially accelerating agent development across various domains. While the current applications are in games, the underlying principles are highly transferable to real-world tasks requiring complex, long-term information management. The authors responsibly note that the released artifacts are not directly applicable to high-stakes deployment without further safety review, acknowledging the ethical considerations. This paper introduces AutoMem, a novel framework that automates the learning of memory as a cognitive skill for LLM agents by iteratively optimizing both the memory's supporting structure (scaffold) and the model's proficiency in using it, yielding significant performance gains on long-horizon tasks and making open-weight models competitive with frontier systems. The work presents a highly innovative approach to a critical challenge in LLM agent development, leveraging meta-LLMs to automate the optimization of memory management in long-horizon tasks where human review is intractable. Its strong empirical results, demonstrating substantial performance improvements solely from memory optimization and bringing a 32B open-weight model to the level of frontier proprietary systems, highlight memory as a high-leverage objective and offer a promising direction for developing more capable, efficient, and accessible AI agents.
World models aim to capture environment dynamics in ways that support perception, reasoning, and action, and have recently become a central direction in Vision-Language-Action-World (VLAW) modeling. Meanwhile, unified vision-language models have demonstrated strong multimodal generation capabilities, yet their potential as world models remains underexplored. In this work, we introduce \texttt{WorldBagel}, a unified VLAW framework built on BAGEL, a modern multimodal unified model, and use it to systematically investigate the role of unification in world modeling. Across multi-task robotic manipulation and cross-domain experiments, \texttt{WorldBagel} consistently outperforms task-specific alternatives and learns action representations that are more structured and semantically aligned with visual and linguistic context. Experiments on LIBERO, Language Table, and Franka show that unification is not only an architectural convenience, but also a key factor in learning effective VLAW models, leading to consistent empirical gains and deeper insights into multimodal world modeling. Code and model checkpoints will be released upon acceptance.
Primary: Georgia Institute of Technology
All Institutions: Georgia Institute of Technology
WorldBagel makes a significant contribution to the field of embodied AI and multimodal learning. By demonstrating the power of architectural unification for Vision-Language-Action-World modeling, it paves the way for more capable and general-purpose robotic agents. The ability to jointly understand language, perceive the environment, predict actions, and model future states within a single framework is a crucial step towards truly intelligent robots. The proposed Fourier-based action representation (FFAD/FFAT) is a valuable technical innovation that could be adopted by other robotics policies for more robust and structured action learning. The findings on stability under distribution shifts are particularly relevant for deploying robots in real-world, uncertain environments. This work encourages further research into leveraging large-scale unified multimodal models for complex embodied tasks, potentially leading to breakthroughs in robot learning and generalization. WorldBagel introduces a unified VLAW framework built on BAGEL, systematically demonstrating that architectural unification significantly improves multi-task robotic manipulation performance, yields higher-quality action representations via Fourier-based tokenization, and enhances stability under distribution shifts, thereby providing a promising foundation for scalable multimodal world models. This paper presents a robust methodology for integrating vision, language, action, and world modeling into a single coherent framework, supported by strong empirical results and insightful analyses of action representation and robustness, making a substantial contribution to the development of more capable and generalizable embodied AI systems.
The paper introduces WorldBagel, a unified Vision-Language-Action-World (VLAW) framework built upon the BAGEL two-tower architecture. The core methodological contribution lies in extending a powerful multimodal generative model (BAGEL) to jointly support multimodal understanding, structured action modeling, and future world prediction. The VLAW formulation is clearly defined, aiming to model the joint distribution of future observations and actions conditioned on past states and language instructions. A significant technical contribution is the Fourier Feature Action Decoder (FFAD) and Fourier Feature Action Tokenizer (FFAT). FFAD addresses the limitations of standard regression and discretization-based action tokenizers by mapping continuous actions into Fourier features and predicting in this space. The inverse mapping uses phase-consistent averaging for reconstruction. This approach is well-justified with theoretical analysis provided in the appendix, demonstrating Lipschitz stability, injectivity, consistency of reconstruction, and approximation advantages. This mathematical rigor is a strong point. The interleaved VLAW modeling via sequence plans, adapted from BAGEL, is a practical and flexible way to structure multimodal sequences for multi-view, multi-step observations and control. The concept of sampling different sequence plans to balance training objectives is sound. Furthermore, the LLM-inspired multimodal train-time data sampling, using mixture dataset sampling and priority sequence-plan sampling, is a crucial engineering detail for stabilizing training across heterogeneous datasets and balancing policy learning with world modeling. The overall architecture leverages the strengths of BAGEL's GEN/UND experts, with action modeling integrated through fine-tuned tokenizers and decoders rather than a new expert. This design choice maintains the unified nature of the model.
The experimental evaluation is comprehensive and rigorous, addressing three key empirical findings: multi-task performance, action representation quality, and stability under distribution shifts. 1. **Multi-task Performance**: WorldBagel is evaluated on LIBERO, Language Table, and Franka benchmarks. On LIBERO, it achieves state-of-the-art multi-task manipulation performance (98.0% average success rate), outperforming strong VLA baselines like OpenVLA-OFT and RynnVLA-002. The world modeling capabilities are also quantitatively assessed using FVD, PSNR, SSIM, and LPIPS, showing consistent improvements over RynnVLA-002 across all datasets, especially in action-conditioned prediction. This clearly demonstrates the empirical gains of the unified VLAW approach. 2. **Action Representation Quality**: A detailed ablation study on action decoder design (regression, bin discretization, FAST, FFAD) on LIBERO shows FFAD significantly reduces action MSE and improves success rates. Further analysis on the number of Fourier bands (K) in FFAD/FFAT provides insights into optimal hyperparameter choices. Crucially, the representation structure analysis using a linear probe classifier reveals that FFAD produces more structured and task-relevant action embeddings, leading to higher task identity prediction accuracy. This is a strong validation of the FFAD design. 3. **Stability Under Distribution Shifts**: The paper investigates robustness to action noise, scaling, and temporal perturbations on LIBERO. WorldBagel consistently maintains higher prediction fidelity (PSNR, LPIPS) compared to RynnVLA-002 under these shifts. The eigenvalue spectrum analysis further supports this, showing WorldBagel learns richer and more stable action representations (higher effective rank, lower dominant eigenvalue ratio). This finding is particularly important for real-world robotics applications where such shifts are common. The choice of baselines is appropriate, including recent strong VLA models and a direct competitor (RynnVLA-002) that also aims for VLAW unification. The use of multiple metrics (success rate, FVD, PSNR, SSIM, LPIPS, A-MSE, linear probe accuracy, eigenvalue spectrum) provides a holistic view of the model's performance and internal properties. The experiments are well-designed to support the paper's claims about the benefits of unification.
The paper states that "Code and model checkpoints will be released upon acceptance," which is a positive commitment. Detailed hyperparameters (learning rate, weight decay, batch size, training steps, K for FFAT/FFAD, priority weights) and hardware (8 H200 GPUs) are provided, which are crucial for reproducibility. The mathematical derivations for FFAD/FFAT in the appendix also contribute to understanding and potentially re-implementing those components. Given the complexity of large multimodal models, the release of code and checkpoints is essential for full reproducibility.
1. **Computational Cost**: While not explicitly stated as a limitation, training and deploying a model built on a large unified multimodal backbone like BAGEL is inherently computationally intensive, requiring significant resources (e.g., 8 H200 GPUs for 80K steps). This might limit its applicability for resource-constrained environments or rapid iteration. 2. **Scope of World Modeling**: The "world modeling" aspect primarily focuses on next-frame prediction for manipulation tasks. While crucial, it doesn't delve into more abstract forms of world knowledge, causal reasoning, or long-horizon planning beyond short action rollouts, which are often goals of broader world models. 3. **Reliance on Supervised Fine-tuning**: The model relies on supervised fine-tuning (SFT) on existing robotic datasets. While effective, this approach might be limited by the diversity and scale of available demonstration data, potentially hindering generalization to truly novel tasks or environments compared to models that learn more extensively through self-supervision or interaction. 4. **Generalizability Beyond Manipulation**: The experiments are confined to robotic manipulation tasks. While these are challenging, the generalizability of "unified VLAW modeling" to other embodied AI domains (e.g., navigation, human-robot interaction) or even broader generative tasks is not explored.
WorldBagel makes a significant contribution to the field of embodied AI and multimodal learning. By demonstrating the power of architectural unification for Vision-Language-Action-World modeling, it paves the way for more capable and general-purpose robotic agents. The ability to jointly understand language, perceive the environment, predict actions, and model future states within a single framework is a crucial step towards truly intelligent robots. The proposed Fourier-based action representation (FFAD/FFAT) is a valuable technical innovation that could be adopted by other robotics policies for more robust and structured action learning. The findings on stability under distribution shifts are particularly relevant for deploying robots in real-world, uncertain environments. This work encourages further research into leveraging large-scale unified multimodal models for complex embodied tasks, potentially leading to breakthroughs in robot learning and generalization. WorldBagel introduces a unified VLAW framework built on BAGEL, systematically demonstrating that architectural unification significantly improves multi-task robotic manipulation performance, yields higher-quality action representations via Fourier-based tokenization, and enhances stability under distribution shifts, thereby providing a promising foundation for scalable multimodal world models. This paper presents a robust methodology for integrating vision, language, action, and world modeling into a single coherent framework, supported by strong empirical results and insightful analyses of action representation and robustness, making a substantial contribution to the development of more capable and generalizable embodied AI systems.
Graph-based semi-supervised learning (SSL) propagates a few labels over a similarity graph by minimizing a Dirichlet-type energy. The standard quadratic ($p=2$) energy reduces to a single graph-Laplacian solve, but it degenerates exactly where SSL is most useful when labels are scarce: gathering more unlabeled data drives the $p=2$ estimate to a near-constant function whenever $d\ge2$ (Nadler-Srebro-Zhou). Well-posedness requires the nonlinear $p$-Laplacian energy with $p>d$. Existing solvers reduce this to a sequence of weighted Laplacian solves, but their reference implementations use a direct sparse factorization or ichol-preconditioned CG instead. Plugging a near-linear Laplacian solver is not straightforward: at large $p$ the conductance weights degenerate near flat-gradient edges, making the system nearly singular and causing stagnation without a damped outer iteration. We close this gap. Recasting $p$-Laplacian SSL as a source-form nonlinear Laplacian flow $Bρ_p(B^\top x)=b$ and solving by damped chord-Newton continuation in $p$, every linearized system stays well-conditioned and can be delegated to a near-linear Laplacian engine. On size-scaled graph families the wall-clock is empirically $m^{0.96}$-$m^{1.02}$ per family (approximate Cholesky default), and a pooled fit across 228 SuiteSparse graphs gives $m^{1.19}$ vs.\ $m^{1.45}$ for direct factorization; the solver handles a $6.8\times10^7$-edge social network in minutes. Memory is the binding constraint: Cholesky fill reaches $10$-$280\times$ the graph nonzeros vs.\ our $O(m)$ hierarchy. Against the released FCL solver we are $1.5$-$14\times$ faster at matched accuracy. On MNIST $10$-NN, $p=3$ scores $64\%$ at one label per class vs.\ $36\%$ for $p=2$. Code: https://github.com/orenlivne/np.
Primary: Weizmann Institute of Science
All Institutions: Weizmann Institute of Science
The paper presents a significant engineering and numerical analysis breakthrough that makes scalable, nonlinear graph semi-supervised learning practically viable for the first time. By correctly integrating near-linear Laplacian solvers with a damped Newton continuation framework, it overcomes the stability and memory issues that previously confined $p$-Laplacian SSL to small graphs, enabling applications on industrial-scale networks with tens of millions of edges while maintaining the statistical advantages of nonlinear energy minimization.
The paper addresses a critical scalability bottleneck in Graph $p$-Laplacian Semi-Supervised Learning (SSL). While the statistical benefits of $p>2$ energies in mitigating the low-label degeneracy of quadratic ($p=2$) label propagation are well-established, practical adoption has been hindered by the superlinear memory and time complexity of direct sparse factorization solvers. The authors' key methodological contribution is the rigorous recasting of the $p$-Laplacian SSL problem as a nonlinear Laplacian flow ($B\rho_p(B^\top x)=b$) and the application of a damped chord-Newton continuation method. Crucially, they demonstrate that by using a conductance floor and guarded Anderson acceleration, the inner linearized systems remain well-conditioned, allowing the substitution of expensive direct solvers with near-linear time Laplacian engines (Approximate Cholesky or LAMG+). This is a non-trivial numerical analysis contribution, as naive substitution of near-linear solvers into the Newton loop typically leads to stagnation due to ill-conditioning at large $p$.
The experimental evaluation is comprehensive and convincing. The authors provide: 1. Theoretical validation: Reproducing the known low-label degeneracy of $p=2$ and showing that $p=3$ significantly improves accuracy (64% vs 36% on MNIST with 1 label/class). 2. Scaling analysis: Empirical evidence of near-linear scaling ($m^{0.96}-m^{1.02}$) on fixed graph families and a pooled fit of $m^{1.19}$ across 228 heterogeneous graphs. 3. Comparative benchmarks: Head-to-head comparisons against the incumbent FCL solver (showing 1.5-14x speedups) and Calder's GraphLearning package (showing significant speedups on geometric graphs). 4. Web-scale demonstration: Successfully solving SSL on a 68M-edge social network (LiveJournal) in minutes, a task infeasible for direct factorization methods due to memory constraints. The experiments are rigorous, covering controlled scaling, heterogeneous corpus analysis, and real-world industrial-scale graphs.
The paper provides a clear algorithm description, detailed hyperparameters (e.g., conductance floor $10^{-6}$, continuation schedule), and open-source code. The reproducibility is high, supported by the availability of the Julia implementation and the specific graph corpus used.
The authors honestly disclose several limitations: 1. The near-linear scaling is empirical; no theoretical complexity bound is provided for the outer iteration count on general graphs. 2. The solver is currently single-threaded, limiting absolute wall-clock performance compared to potential distributed implementations. 3. The comparison with FCL is limited to moderate sizes due to the MATLAB/Octave implementation's constraints, though the memory wall argument for larger graphs is strong. 4. The method relies on the effectiveness of the conductance floor, which, while theoretically justified as a preconditioner, is an empirical choice.
This work removes a major barrier to using nonlinear graph-based SSL at scale. By making $p$-Laplacian methods feasible for web-scale graphs, it enables more robust semi-supervised learning in regimes with scarce labels (few-shot learning, active learning) where GNNs often overfit and quadratic propagation fails. It bridges the gap between theoretical insights on $p$-Laplacian well-posedness and practical, large-scale machine learning infrastructure. The paper presents a significant engineering and numerical analysis breakthrough that makes scalable, nonlinear graph semi-supervised learning practically viable for the first time. By correctly integrating near-linear Laplacian solvers with a damped Newton continuation framework, it overcomes the stability and memory issues that previously confined $p$-Laplacian SSL to small graphs, enabling applications on industrial-scale networks with tens of millions of edges while maintaining the statistical advantages of nonlinear energy minimization.
Routing among large language models (LLMs) promises better quality at lower cost, motivated by the reported gap between learned routers and a per-instance oracle. But that oracle is computed from a single correctness label per (query, model), so under stochastic decoding it is one Bernoulli draw, not a reproducible property. We recast the question structurally: the expected per-instance oracle decomposes as $O^{\exp}=O^{\mathrm{repro}}+Δ$, into reproducible single-commit headroom $O^{\mathrm{repro}}$ and a non-negative single-commit selection floor $Δ$. Our main result is a recoverability asymmetry: this floor is closed by no single-commit router, yet is recovered by test-time sampling -- best-of-$K$ on the committed model, at the oracle's own budget, dominates the independent-pool single-draw oracle. The cap needs no cross-model independence; we prove it with the exact decomposition and noise-share bounds that shrink as the budget grows. The procedure adds no new router, only resampling. The floor's magnitude is a prospective, conservative localization, not an audit: our primary target LLMRouterBench (33 models, 391,645 instances) defines its oracle as a per-query union over single $T=0.2$ generations -- by construction a union of stochastic single draws. Since $O^{\mathrm{repro}}$ is non-identifiable from the released $k=1$ matrix, we estimate the noise share by fresh $k\ge20$ resampling under one-sided, dependence- and guessing-floor-corrected bounds, recasting 'model-recall failure' as thin-support union inflation. On a controlled open-model re-generation, single-draw noise is a substantial minority of the gap -- larger on an unsaturated benchmark, approaching half on the hardest queries where no model is reliable -- while the majority remains recoverable specialist advantage. We release a multi-sample oracle evaluation protocol for routing benchmarks.
Primary: National Yang Ming Chiao Tung University
All Institutions: National Yang Ming Chiao Tung University, Krixvon AI
This paper has significant broader impact for the field of LLM routing and evaluation methodology. 1. **Benchmark Design**: It provides a concrete, actionable protocol for benchmark designers to adopt multi-sample oracles (expected and reproducible variants) instead of single-draw ones, which are shown to be systematically inflated. This could lead to more accurate and reliable routing benchmarks. 2. **Interpretation of Routing Progress**: The work fundamentally re-calibrates the understanding of the "router-to-oracle gap" and the "model-recall failure" diagnosis. By quantifying the portion of the gap attributable to irreducible single-draw noise, it clarifies how much genuine headroom exists for routers, guiding research efforts more effectively. 3. **Research Direction**: It suggests that future routing research should focus on better ex-ante quality estimation and decorrelating model pools, rather than chasing an inflated ceiling. It also motivates further investigation into cost-quality claims and end-to-end latency with calibrated oracles. 4. **General LLM Evaluation**: The principles of accounting for stochasticity and decomposing performance into reproducible vs. noise components could extend beyond routing to other areas of LLM evaluation where single-sample metrics are common. This paper rigorously decomposes the LLM router-to-oracle gap, revealing that a substantial minority is single-draw label noise irrecoverable by single-commit routing, and proposes a multi-sample oracle evaluation protocol. The work provides a robust theoretical framework, compelling empirical evidence, and a highly reproducible methodology that significantly advances the understanding and evaluation of LLM routing systems, offering clear guidance for benchmark design and future research.
The methodology is exceptionally rigorous and well-articulated. The paper structurally recasts the problem of the router-to-oracle gap by defining three key oracles: the expected single-draw oracle ($O^{\exp}$), the reproducible single-commit headroom ($O^{\mathrm{repro}}$), and the verifier-free aggregation oracle ($O^{\mathrm{agg}}$). The core contribution is the exact, non-negative decomposition of the router-to-oracle gap ($G$) into recoverable specialist advantage ($G_{\mathrm{rec}}$) and single-draw label noise ($G_{\mathrm{noise}}$). This decomposition is backed by strong theoretical proofs (Theorems, Propositions, Corollaries) that establish the upward bias of the single-draw oracle and the "recoverability asymmetry"—that $G_{\mathrm{noise}}$ is irrecoverable by any single-commit router but can be recovered by test-time sampling. The proposed Algorithm 1 provides a clear, step-by-step protocol for multi-sample correctness estimation and gap decomposition, using raw frequencies for point estimates and Beta-Bernoulli posteriors for confidence intervals. Crucially, the methodology addresses the complexities of estimating $O^{\exp}$ in the presence of cross-model dependencies by using a seed-aligned estimator, which is unbiased. The use of one-sided, dependence- and guessing-floor-corrected bounds for conservative estimation of $G_{\mathrm{noise}}$ further enhances the robustness of the approach. The paper clearly distinguishes its contributions from prior and concurrent work, particularly regarding the focus on stochastic single-draw noise versus deterministic evaluation artifacts.
The experimental evaluation is comprehensive and well-controlled, designed to localize the empirical magnitude of the theoretically proven noise term. The primary target is LLMRouterBench, with RouterBench as secondary corroboration. For a controlled re-generation, the authors used a pool of eleven open-weight, text-only instruction models served identically under vLLM at $T=0.2$ with $k=30$ seed-aligned draws per (query, model) cell. Two exact-match benchmarks, GSM8K (saturated) and MATH-500 (unsaturated), were used, with thin-support queries oversampled. The experiments successfully pass pre-checks for independence and over-dispersion, licensing the magnitude study. Key findings include: 1. **Magnitude of Noise**: Single-draw noise ($G_{\mathrm{noise}}$) constitutes a substantial minority of the gap (12% on GSM8K, 36% on MATH-500), with the majority remaining recoverable specialist advantage (64-88%). 2. **Noise Concentration**: $G_{\mathrm{noise}}$ concentrates heavily in thin-support queries (e.g., 43% on MATH-500 for queries where only 3 of 11 models were correct), validating theoretical predictions. 3. **Pool Composition Control**: The paper rigorously controls for intra-lineage error correlation, showing that redundancy inflates the noise share. Experiments with lineage-deduplicated pools and cardinality sweeps confirm the theoretical predictions, demonstrating the robustness of the findings. 4. **Recoverability Check**: The falsifiable prediction that test-time sampling recovers what selection cannot is empirically confirmed, with best-of-$K$ sampling outperforming the independent-pool oracle. However, the analysis also highlights that verifier-free aggregation (majority vote) often falls short, indicating that a significant portion of the "guessing residual" requires a deploy-time verifier. The experimental design is exemplary in its controls, stratification, and careful interpretation of results, providing strong empirical support for the theoretical claims.
The reproducibility of this work is exceptionally high. The authors explicitly state that "Code, corrected oracles, and the per-model correctness data are available at https://github.com/luka-krixvon/routing-oracle-experiment". The paper provides detailed information about the experimental setup, including the specific models used (eleven open-weight instruction models from eight distinct pretraining lineages), the serving framework (vLLM), decoding parameters ($T=0.2$, top-$p$ $1.0$), and the number of seed-aligned draws ($k=30$). The system configuration, including hardware/software stack, is captured by a detection script and released with the code. The methodology for multi-sample correctness estimation and gap decomposition is clearly outlined in Algorithm 1. This level of detail and the release of artifacts make the work highly reproducible and verifiable by the community.
The paper acknowledges several limitations: 1. **Scope of Re-estimation**: The current estimates use $k$ samples at a single temperature on an open-model pool. Future work could extend this to larger $k$, multiple temperatures, and live frontier (closed-source) models to sharpen estimates and test the bias growth. 2. **Cross-model Error Correlation**: While the paper controls for intra-lineage correlation, it notes that it does not fully characterize how cross-model estimator-error correlation shifts routing optimality in general, leaving this for future work. 3. **Evaluation Metric Scope**: The primary analysis focuses on exact-match and multiple-choice tasks, explicitly excluding LLM-judge / continuous-graded ones due to the mixing of sampling noise with judge noise. This is a reasonable scoping decision but means the findings do not directly generalize to all types of LLM evaluations. 4. **Preprint Date**: The "Preprint, July 2026" date is unusual for an arXiv preprint, which typically reflects the current or a past year. While not impacting the technical content, it's an oddity.
This paper has significant broader impact for the field of LLM routing and evaluation methodology. 1. **Benchmark Design**: It provides a concrete, actionable protocol for benchmark designers to adopt multi-sample oracles (expected and reproducible variants) instead of single-draw ones, which are shown to be systematically inflated. This could lead to more accurate and reliable routing benchmarks. 2. **Interpretation of Routing Progress**: The work fundamentally re-calibrates the understanding of the "router-to-oracle gap" and the "model-recall failure" diagnosis. By quantifying the portion of the gap attributable to irreducible single-draw noise, it clarifies how much genuine headroom exists for routers, guiding research efforts more effectively. 3. **Research Direction**: It suggests that future routing research should focus on better ex-ante quality estimation and decorrelating model pools, rather than chasing an inflated ceiling. It also motivates further investigation into cost-quality claims and end-to-end latency with calibrated oracles. 4. **General LLM Evaluation**: The principles of accounting for stochasticity and decomposing performance into reproducible vs. noise components could extend beyond routing to other areas of LLM evaluation where single-sample metrics are common. This paper rigorously decomposes the LLM router-to-oracle gap, revealing that a substantial minority is single-draw label noise irrecoverable by single-commit routing, and proposes a multi-sample oracle evaluation protocol. The work provides a robust theoretical framework, compelling empirical evidence, and a highly reproducible methodology that significantly advances the understanding and evaluation of LLM routing systems, offering clear guidance for benchmark design and future research.
Brownian Bridge Diffusion Models (BBDM) offer an appealing framework for image restoration and inverse problems by constructing a stochastic bridge from the clean signal directly to the degraded observation, rather than to pure noise. Despite their promise, the choice of bridge schedule is typically inherited from heuristics, and a principled analytical framework for schedule design has been lacking. In this work, we develop such a framework by offering a novel analysis of BBDM reverse dynamics under a Mixture-of-Gaussians (MoG) prior. This setting yields a closed-form ideal posterior and a corresponding MMSE denoiser, while the BBDM-induced reconstruction law is captured analytically through a tractable surrogate. Building on these expressions, we formulate two complementary schedule-design objectives: a Wasserstein criterion targeting perceptual quality and an MSE criterion targeting reconstruction fidelity. Our work exposes an inherent tradeoff between the two and proves the existence of universal schedules for both that are independent of the degradation and prior. Extensive experiments on controlled MoG settings confirm full alignment between theory and practice, and experiments on the FFHQ dataset across inpainting, deblurring, and super-resolution tasks validate the practical value of our schedule-design criteria.
Primary: Technion – Israel Institute of Technology
All Institutions: Technion – Israel Institute of Technology
This paper provides a rigorous analytical framework for schedule design in Brownian Bridge Diffusion Models, deriving closed-form reconstruction laws under Mixture-of-Gaussians priors to expose and optimize the distortion-perception tradeoff. The technical contribution is significant for its mathematical depth and the clarity it brings to a previously heuristic area, though its direct impact is somewhat moderated by the reliance on approximations for high-dimensional applications.
The paper presents a rigorous analytical framework for schedule design in Brownian Bridge Diffusion Models (BBDM). The core methodological contribution is the derivation of exact posterior dynamics under a Mixture-of-Gaussians (MoG) prior. Recognizing that the exact MoG reverse process loses global affinity, the authors introduce a "selected-label" approximation that freezes the mixture component assignment, allowing for a closed-form reconstruction law. This enables the formulation of two explicit schedule-design objectives: one minimizing Wasserstein distance (perceptual quality) and one minimizing MSE (reconstruction fidelity). The theoretical derivation is mathematically sound, leveraging Gaussian conditioning identities and spectral decomposition to decouple the dynamics. The approach is novel in applying this specific analytical lens to BBDM schedules, moving beyond heuristic choices.
The experimental validation is structured in three tiers: synthetic MoG data, MNIST with fitted MoG priors, and real-world FFHQ images. The synthetic experiments effectively validate the theoretical claims regarding the selected-label approximation and the distortion-perception tradeoff. The MNIST experiments demonstrate that the theoretical schedules improve upon default schedules in PSNR and NLL. The FFHQ experiments show that the MSE-oriented schedule improves PSNR/SSIM while the W2-oriented schedule improves FID/LPIPS, confirming the theoretical tradeoff. However, the real-world experiments rely on "MoG-free heuristics" derived from the theoretical bounds rather than optimizing the full MoG objective (which is intractable at scale), which slightly weakens the direct link between the complex theory and the final applied results.
The paper provides extensive mathematical derivations in the appendix, including proofs of mean-exactness and covariance deficit. The experimental setup is detailed, including dataset splits, training epochs, and evaluation metrics. The use of standard datasets (FFHQ, MNIST) and publicly available libraries (torch-fidelity, lpips) aids reproducibility. The code for the BBDM models is not explicitly linked, but the methodology is sufficiently described for implementation.
The primary limitation is the reliance on the selected-label approximation for the theoretical analysis. While proven to be mean-exact and covariance-deficient, it is an approximation. The "universal" schedules derived are based on a bounded four-parameter family and may not be optimal for all degradation types or data distributions. Furthermore, the real-world experiments use heuristics rather than the full theoretical optimization, limiting the direct demonstration of the theory's power in high-dimensional settings. The assumption of linear inverse problems also restricts the scope.
This work provides a principled foundation for tuning diffusion models for inverse problems, potentially leading to more reliable and performant restoration algorithms. By exposing the inherent tradeoff between perceptual quality and fidelity through a clear analytical lens, it offers valuable insights for practitioners balancing these competing objectives. The framework could be extended to other bridge-based diffusion models or used to analyze other sampler parameters. This paper provides a rigorous analytical framework for schedule design in Brownian Bridge Diffusion Models, deriving closed-form reconstruction laws under Mixture-of-Gaussians priors to expose and optimize the distortion-perception tradeoff. The technical contribution is significant for its mathematical depth and the clarity it brings to a previously heuristic area, though its direct impact is somewhat moderated by the reliance on approximations for high-dimensional applications.
Fine-tuning a single low-rank adapter on many domains at once is multi-task learning: the domains must be co-learned, and how they share the adapter decides whether they help or hurt one another. Most efficient fine-tuning pipelines ignore this and train on a fixed, uniform mixture, leaving two coupled questions unanswered: how much should each domain participate, and which domains should be co-trained given that some transfer positively and others interfere? We show that both answers can be read off cheaply and without labels. A forward pass of the current shared adapter over a small unlabeled probe yields, per domain, a competence signal whose level tracks remaining headroom and whose trajectory tracks learning speed; the drift of these probe representations yields a signed cross-domain affinity that predicts pairwise transfer. We fold both into CoDA, a co-adaptive controller that solves a small entropy-regularized quadratic program on the simplex to set each domain's participation -- jointly its loss weight and its share of the sampled data -- rewarding high-headroom, still-learning, mutually synergistic domains and damping interfering ones. The controller is forward-only, adds no trainable parameters, and wraps any multi-task LoRA pipeline. Across five heterogeneous domains and two backbones, CoDA improves the average over uniform mixing, learned mixtures, gradient-surgery multi-task optimizers, and online data selection while using half the data, and lowers cross-domain gradient conflict. We prove that the competence signal tracks domain risk, that the participation program has a unique fixed point reached by a contraction, and that its solution performs transfer-aware water-filling; analysis, ablations, and controls corroborate each claim.
Primary: University of Electronic Science and Technology of China
All Institutions: University of Electronic Science and Technology of China, Sichuan University
CoDA introduces a novel, label-free, forward-only mechanism for dynamically balancing multi-task LoRA training by estimating domain competence and cross-domain affinity, achieving state-of-the-art performance with reduced data and compute costs.
The paper proposes CoDA, a co-adaptive controller for multi-task Low-Rank Adaptation (LoRA). The core innovation lies in using label-free, forward-only signals to dynamically adjust domain participation. Specifically, it defines "competence" based on normalized predictive entropy to estimate domain headroom and learning speed, and "affinity" based on the drift of probe representations to estimate signed cross-domain transfer. These signals feed into an entropy-regularized quadratic program that jointly optimizes loss weights and data sampling ratios. The approach is theoretically grounded with proofs regarding the tracking of domain risk, the uniqueness of the fixed point (contraction mapping), and its interpretation as transfer-aware water-filling. The methodology is elegant, avoiding the need for labeled validation sets or expensive gradient computations during the control loop.
The evaluation is robust, covering two large backbones (Qwen-2.5-7B, LLaMA-3.1-8B) and five heterogeneous domains (Knowledge, Math, Code, Reasoning, Biomedical). CoDA outperforms uniform mixing, static mixture baselines (DoReMi, Temperature), and gradient-surgery methods (PCGrad, GradNorm) across all metrics, achieving significant gains (+1.8 avg score) while using only 50% of the data. The paper provides strong ablations isolating the contribution of the headroom term versus the affinity term, demonstrating that the latter is crucial for capturing synergistic/interfering relationships. Mechanism analysis confirms that the affinity signal correlates highly ($r=0.94$) with oracle leave-one-out transfer measurements. The results are consistent across seeds and model scales.
The paper provides detailed descriptions of the experimental setup, including dataset sources, prompt templates, LoRA configurations, and hyperparameters. The algorithm is clearly defined with pseudocode. The authors state that code and configurations will be released. The reliance on forward passes makes the method computationally transparent and easy to implement on top of existing LoRA pipelines. The theoretical proofs are included in the appendix, adding to the reproducibility of the claims.
The method requires a small unlabeled probe set per domain, which may be a constraint in strictly zero-data settings (though no labels are needed). The competence signal relies on model calibration; severe miscalibration could degrade performance, although the authors note a warmup phase helps mitigate this. The method assumes that the probe data is representative of the domain distribution. Additionally, while it reduces gradient conflict, it does not eliminate it entirely, and the quadratic program solution, while efficient, adds some overhead compared to static mixing.
This work significantly advances the efficiency and effectiveness of multi-task fine-tuning for LLMs. By reducing the data and compute required for adapting models to multiple domains, it lowers the barrier to entry for specialized model deployment and reduces the environmental impact of training. The label-free nature of the controller makes it applicable to scenarios where labeled data is scarce or expensive. The insights into cross-domain transfer and interference provide valuable theoretical understanding for multi-task learning. CoDA introduces a novel, label-free, forward-only mechanism for dynamically balancing multi-task LoRA training by estimating domain competence and cross-domain affinity, achieving state-of-the-art performance with reduced data and compute costs.
Crowdsourced fact-checking systems have been adopted by major social media companies such as X, Meta, TikTok and Google with the aim of combating misleading information at scale without relying on centralized editorial control. These systems have been developed around a common underlying concept: a bridging mechanism that identifies notes flagging misleading information when they receive support from people with different perspectives rather than simple majority support. To our knowledge the only publicly disclosed bridging algorithms deployed for fact-checking are based on matrix factorization, as deployed by both X and Meta, augmented with additional components addressing abuse, targeted manipulation, and contributor brigades. This work examines the core matrix factorization portion of these systems, presenting theoretical and empirical evaluations of the degree to which coordinated users could vote strategically by leveraging the latent representations to fabricate the appearance of synthetic consensus within the bridging mechanism. Using historic production data, we find that up to 10.7% of lower quality notes could be manipulated above consensus thresholds using less than 10 ratings. We complement these findings with a theoretical analysis, revealing counterintuitively that rating a note as "Not Helpful" can increase its helpfulness score, as well as a cost model quantifying manipulation effort. We have developed and deployed mitigations within X's Community Notes algorithm to address synthetic consensus.
Primary: Stanford University
All Institutions: Stanford University, X Community Notes, xAI
This work has significant broader impact, particularly for social media platforms and the field of adversarial machine learning. It proactively identifies a critical vulnerability in crowdsourced fact-checking systems (like X, Meta, TikTok, Google) that rely on matrix factorization for "bridging consensus." By demonstrating how coordinated adversaries can fabricate synthetic consensus, the paper highlights a fundamental challenge in designing robust, decentralized content moderation systems. The theoretical insights, especially the counterintuitive "Not Helpful" rating effect, contribute to a deeper understanding of MF-based systems. Most importantly, the paper's findings directly led to the development and *deployment of mitigations* (population sample filtering) within X's Community Notes algorithm, demonstrating a direct translation of research into real-world system improvements. This sets a high bar for impactful research in platform security and responsible AI, encouraging transparency and open collaboration between academia and industry to strengthen critical public-facing systems. This paper presents a rigorous analysis of coordinated manipulation in matrix factorization-based crowdsourced fact-checking, demonstrating a practical attack on production data and leading to the deployment of mitigations in X's Community Notes. The work combines theoretical derivations, empirical validation on a large-scale real-world dataset, and a practical cost model to expose a significant vulnerability in systems designed to combat misinformation, offering both novel insights into adversarial ML and direct, actionable solutions for platform security.
The paper presents a well-structured and rigorous methodology for analyzing coordinated manipulation in crowdsourced fact-checking systems, specifically focusing on the core matrix factorization (MF) component. The two-phase attack strategy is logically sound: first, adversarial accounts establish diverse positions in the latent factor space by strategically rating existing notes; second, these accounts coordinate to boost a target note's helpfulness score. This approach directly targets the "bridging" mechanism designed to ensure diverse agreement. The theoretical analysis of the Manipulation Resistance Score (MRS) is a significant contribution, providing a closed-form expression for the optimal single rating injection in a 1-dimensional factor space, which is the production setting for X. The derivation, detailed in the appendix, is thorough and correct. A particularly novel and counterintuitive finding is that rating a note as "Not Helpful" can, under specific conditions related to the geometry of existing ratings, increase its helpfulness score. This highlights a subtle vulnerability in the MF model. The cost model for the full attack provides a practical framework for understanding the economic feasibility of such manipulations and for evaluating potential mitigations. The methodology is strong in its combination of theoretical derivation, practical attack formulation, and cost analysis.
The experimental evaluation is robust and highly impactful due to its use of historic production data from X Community Notes (Jan 2021 - Jan 2025). This real-world dataset lends significant credibility to the findings. The ability to predict note parameters ($f_n, i_n$) from text using a Voyage embedding model and a shallow MLP is empirically demonstrated with reasonable accuracy, validating the feasibility of Phase 1 of the attack. The simulation showing that 100 adversarial accounts can achieve diverse factor positions across the spectrum $[-0.4, 0.4]$ further supports the attack's practicality. The quantification of MRS is a key empirical result, demonstrating that up to 10.7% of lower-quality notes could be manipulated above consensus thresholds using fewer than 10 ratings. This is a stark and actionable finding. The cost model, while simplified, provides concrete estimates (e.g., $30.50 for a single note manipulation) and effectively highlights the dominant cost factors (account maintenance). The paper also discusses the effectiveness of deployed mitigations, such as population sample filtering, which is a strong indicator of real-world impact. The experiments are well-designed to validate the theoretical claims and quantify the practical threat.
The paper demonstrates a strong commitment to reproducibility. It explicitly states that the analysis is based on the "open data and source code of X Community Notes," which facilitates independent study. The dataset used is publicly released, and the specific embedding model (Voyage-3-large) is identified. Hyperparameter and implementation details for the prediction model are promised in the appendix (though the appendix provided in the prompt is truncated before these details). The computational resources are specified, and the total wall-clock time for experiments is given. The full derivation for optimal rating injection is provided in the appendix. The authors also state that X deployed mitigations and released them as part of the open-source algorithm, further enhancing reproducibility and real-world impact.
The paper openly discusses several limitations. Firstly, it acknowledges that production Community Notes implementations include anti-abuse components (e.g., Correlated Rater Detection, Rater Engagement Intercept, Net Helpful Minimums) that are not fully incorporated into the core analysis. While these are discussed qualitatively, their quantitative impact on the attack's cost and success rate is not fully modeled. Secondly, the analysis is conducted in a static setting, not accounting for dynamic feedback loops where a surfaced "Helpful" note might attract more ratings, potentially changing its status. Thirdly, the MRS computation uses a greedy algorithm, which might be a conservative approximation compared to exact combinatorial optimization. Additionally, the note parameter prediction model uses only note text, ignoring post content or URLs, which could lead to underestimation of attacker capabilities. Finally, the cost model is a simplified abstraction and doesn't capture all nuances of attacker utility or sophisticated evasion strategies.
This work has significant broader impact, particularly for social media platforms and the field of adversarial machine learning. It proactively identifies a critical vulnerability in crowdsourced fact-checking systems (like X, Meta, TikTok, Google) that rely on matrix factorization for "bridging consensus." By demonstrating how coordinated adversaries can fabricate synthetic consensus, the paper highlights a fundamental challenge in designing robust, decentralized content moderation systems. The theoretical insights, especially the counterintuitive "Not Helpful" rating effect, contribute to a deeper understanding of MF-based systems. Most importantly, the paper's findings directly led to the development and *deployment of mitigations* (population sample filtering) within X's Community Notes algorithm, demonstrating a direct translation of research into real-world system improvements. This sets a high bar for impactful research in platform security and responsible AI, encouraging transparency and open collaboration between academia and industry to strengthen critical public-facing systems. This paper presents a rigorous analysis of coordinated manipulation in matrix factorization-based crowdsourced fact-checking, demonstrating a practical attack on production data and leading to the deployment of mitigations in X's Community Notes. The work combines theoretical derivations, empirical validation on a large-scale real-world dataset, and a practical cost model to expose a significant vulnerability in systems designed to combat misinformation, offering both novel insights into adversarial ML and direct, actionable solutions for platform security.
Safety training for large language models (LLMs) is conducted predominantly in English, leaving uncertain how well safety mechanisms generalize to low-resource languages and mixed-language code-switching. We show that this creates an epistemic gap in which models confidently generate harmful responses for inputs that fall outside the distribution of their safety training. To study this phenomenon, we introduce STEER (Safety Targeted Embedding Exploit via Refinement), a gradient-guided attack that identifies words contributing most strongly to the model's refusal behavior and iteratively translates them into low-resource languages to suppress refusal while preserving harmful intent. Across six open-source 8B-parameter models, STEER achieves attack success rates of up to 93.0% on JailbreakBench and 96.7% on AdvBench, outperforming random code-switching and Greedy Coordinate Gradient (GCG). The resulting prompts also transfer to GPT-4o-mini, achieving a 35.5% attack success rate without requiring access to the target model, suggesting that the underlying weakness is not specific to a single architecture. These findings demonstrate that safety mechanisms aligned primarily on English cannot be assumed to generalize across multilingual inputs. We argue that improving multilingual safety requires broader coverage during alignment and mechanisms that explicitly detect and abstain on out-of-distribution inputs.
Primary: Nanyang Technological University, Singapore
All Institutions: Nanyang Technological University, Singapore
This paper has profound broader implications for LLM safety research and development: * **Fundamental Vulnerability**: It exposes a systemic and fundamental vulnerability in current LLM safety alignment practices, which are predominantly English-centric and concentrate refusal knowledge into a single, exploitable direction. * **Shift in Perspective**: It reframes LLM safety as an "epistemic coverage problem" rather than solely an adversarial robustness challenge, highlighting the model's "unknown unknowns" and overconfident extrapolation. This conceptual shift is critical for designing more robust safety mechanisms. * **Mech Interp as Attack Enabler**: It provides a concrete demonstration of how mechanistic interpretability findings can be directly leveraged to construct powerful attacks, underscoring the dual-use nature of such research. * **Actionable Defenses**: The findings directly inform the design of future defenses, advocating for broader multilingual coverage during alignment, distributing safety knowledge across multiple layers/directions, and implementing principled abstention mechanisms for out-of-distribution inputs. * **Auditing Tool**: The FLD analysis offers a principled method for auditing models' structural safety vulnerability before deployment, allowing developers to assess the brittleness of their safety encoding. * **Ethical Implications**: The high success rates of STEER highlight the urgent need for more robust multilingual safety alignment to prevent the deployment of LLMs that confidently generate harmful content in diverse linguistic contexts. This paper introduces STEER, a gradient-guided attack that exploits the English-centric nature and concentrated refusal direction of LLM safety mechanisms, achieving high attack success rates by iteratively translating high-attribution words into low-resource languages. The work provides compelling evidence that current safety alignment practices suffer from an epistemic coverage problem, offering a novel diagnostic tool (FLD) and actionable insights for developing more robust, multilingual safety mechanisms and principled abstention strategies.
The STEER (Safety Targeted Embedding Exploit via Refinement) methodology is a sophisticated and principled gradient-guided attack that leverages mechanistic interpretability findings to bypass LLM safety mechanisms. The pipeline consists of four well-defined steps: 1. **Layer Selection via Fisher Linear Discriminant (FLD)**: A novel and effective method to automatically identify the transformer layer where the refusal direction is most "legible" or concentrated. This provides a quantitative measure of the model's structural vulnerability, which is a significant contribution beyond just enabling the attack. 2. **Paraphrase Preprocessing**: A practical initial step using GPT-4o to rephrase harmful requests, reducing initial keyword activation and providing a cleaner signal for gradient attribution. Ablation studies confirm its importance. 3. **Gradient-based Token Attribution**: This is the core of the "targeted" aspect. By computing gradients of input word embeddings against the mech-interp-identified refusal direction, STEER precisely identifies which words contribute most to activating the safety filter. This is a direct and elegant application of interpretability findings. 4. **Iterative Code-Switching**: Words are iteratively translated into a pool of 11 low-resource and non-Latin script languages, prioritizing those with the highest attribution scores. The selection of the best translation is based on minimizing the refusal score, ensuring the attack is efficient and effective. The overall approach is highly systematic, combining insights from mechanistic interpretability, gradient-based optimization, and multilingual NLP to create a powerful and interpretable attack. The design choices are well-justified and empirically validated.
The experimental evaluation is comprehensive and rigorous. * **Models**: Six diverse open-source 7-9B parameter models (Llama-3-8B, Mistral-7B, Gemma-7B, Qwen3-8B, DeepSeek-R1-Distill-Llama-8B, GLM-4-9B) are tested, demonstrating the generality of the attack across different architectures. * **Benchmarks**: Three standard jailbreak benchmarks (JailbreakBench, HarmBench, AdvBench) are used, covering a wide range of harmful prompts. * **Baselines**: STEER is compared against strong baselines: Direct (unmodified), CSRT (random code-switching), and GCG (gradient-based adversarial suffix optimization). * **Results**: STEER achieves exceptionally high Attack Success Rates (ASR) of up to 93.0% on JailbreakBench and 96.7% on AdvBench, consistently outperforming all baselines, often by a significant margin (e.g., 80% vs 44% for DeepSeek-R1 on JBB). This demonstrates its superior efficiency and effectiveness. * **Iteration Efficiency**: The attack shows strong performance even with a low iteration budget (e.g., 88% ASR at @1 for Mistral-7B on JBB), highlighting the efficiency gained from targeted attribution. * **Refusal Score Validation**: The paper provides strong statistical evidence that the refusal score (dot product with the refusal direction) is indeed the decision variable for refusal, validating the mechanistic hypothesis. * **Black-box Transferability**: A crucial finding is the transferability of STEER-generated prompts to GPT-4o-mini, achieving a 35.5% ASR without white-box access. This suggests the exploited weakness is not architecture-specific but a fundamental property of current alignment methods. * **Ablation Studies**: Thorough ablations confirm the importance of FLD layer selection, the diverse language pool, and the paraphrase preprocessing step, reinforcing the robustness of the design choices. The evaluation is robust, well-designed, and provides compelling evidence for the paper's claims.
The paper provides a clear algorithmic description (Algorithm 1) of the STEER attack. Key parameters, language pool, and judge details are specified. Crucially, the authors provide code at `https://github.com/JvThunder/STEER`, which significantly enhances reproducibility. The use of open-source models and standard benchmarks further aids reproducibility.
1. **White-box Access**: STEER requires white-box access to the target model's internal representations and gradients, limiting its direct applicability to closed-source APIs. While transferability to GPT-4o-mini is shown, a dedicated black-box adaptation is not explored. 2. **Model Scale**: The evaluation is limited to 7-9B parameter models. While these are widely used, the findings might not directly generalize to much larger models (e.g., 70B+) or models with different safety alignment strategies. 3. **Automated Judge**: The use of GPT-4o as an automated judge, while common, might occasionally diverge from human assessments, especially for borderline cases of harmfulness or refusal. The dual-criterion (non-refusing and harmful) is a conservative approach, but human validation on a subset could strengthen this.
This paper has profound broader implications for LLM safety research and development: * **Fundamental Vulnerability**: It exposes a systemic and fundamental vulnerability in current LLM safety alignment practices, which are predominantly English-centric and concentrate refusal knowledge into a single, exploitable direction. * **Shift in Perspective**: It reframes LLM safety as an "epistemic coverage problem" rather than solely an adversarial robustness challenge, highlighting the model's "unknown unknowns" and overconfident extrapolation. This conceptual shift is critical for designing more robust safety mechanisms. * **Mech Interp as Attack Enabler**: It provides a concrete demonstration of how mechanistic interpretability findings can be directly leveraged to construct powerful attacks, underscoring the dual-use nature of such research. * **Actionable Defenses**: The findings directly inform the design of future defenses, advocating for broader multilingual coverage during alignment, distributing safety knowledge across multiple layers/directions, and implementing principled abstention mechanisms for out-of-distribution inputs. * **Auditing Tool**: The FLD analysis offers a principled method for auditing models' structural safety vulnerability before deployment, allowing developers to assess the brittleness of their safety encoding. * **Ethical Implications**: The high success rates of STEER highlight the urgent need for more robust multilingual safety alignment to prevent the deployment of LLMs that confidently generate harmful content in diverse linguistic contexts. This paper introduces STEER, a gradient-guided attack that exploits the English-centric nature and concentrated refusal direction of LLM safety mechanisms, achieving high attack success rates by iteratively translating high-attribution words into low-resource languages. The work provides compelling evidence that current safety alignment practices suffer from an epistemic coverage problem, offering a novel diagnostic tool (FLD) and actionable insights for developing more robust, multilingual safety mechanisms and principled abstention strategies.
Memory expertise is a learned skill: knowing what to encode, when to retrieve, and how to organize knowledge--a capacity known in cognitive science as metamemory. We bring this perspective to LLMs by treating memory management as a trainable skill. We promote file-system operations to first-class memory actions alongside task actions, letting the model itself decide how to manage its memory. This memory skill improves along two axes: the structure that supports it (prompts, file schemas, action vocabulary), and the proficiency of the model exercising it. Both axes resist manual optimization: episodes in long-horizon tasks run for thousands of steps, and a single memory mistake can hide long before it surfaces, making human review of full trajectories impractical. We introduce AutoMem, a framework that automates both axes. In the first loop, a strong LLM reviews complete agent trajectories and iteratively revises the memory structure that shapes how the agent interacts with its memory files. In the second loop, the agent's own good memory decisions are identified from many episodes and used as training signal to sharpen the model's memory proficiency directly. Across three procedurally generated long-horizon games (Crafter, MiniHack, and NetHack), optimizing memory alone--without modifying the model's task-action behavior--improved the base agent's performance ~2x-4x, bringing a 32B open-weight model competitive with frontier systems such as Claude Opus 4.5 and Gemini 3.1 Pro Thinking. Our results show that memory management is an independently learnable skill, and a high-leverage objective yielding large gains on long-horizon tasks.
Primary: Stanford University
All Institutions: Stanford University
The paper's findings have substantial broader implications. By demonstrating that automated memory optimization can significantly enhance LLM agent performance on long-horizon tasks, it offers a practical pathway for open-weight models to achieve capabilities comparable to frontier proprietary systems. This could democratize access to advanced agentic AI, making sophisticated LLM agents more accessible for research and development. The methodology of using meta-LLMs for trajectory-level review and targeted revision is a generalizable workflow that could be applied to optimize other agent capabilities beyond memory, potentially accelerating agent development across various domains. While the current applications are in games, the underlying principles are highly transferable to real-world tasks requiring complex, long-term information management. The authors responsibly note that the released artifacts are not directly applicable to high-stakes deployment without further safety review, acknowledging the ethical considerations. This paper introduces AutoMem, a novel framework that automates the learning of memory as a cognitive skill for LLM agents by iteratively optimizing both the memory's supporting structure (scaffold) and the model's proficiency in using it, yielding significant performance gains on long-horizon tasks and making open-weight models competitive with frontier systems. The work presents a highly innovative approach to a critical challenge in LLM agent development, leveraging meta-LLMs to automate the optimization of memory management in long-horizon tasks where human review is intractable. Its strong empirical results, demonstrating substantial performance improvements solely from memory optimization and bringing a 32B open-weight model to the level of frontier proprietary systems, highlight memory as a high-leverage objective and offer a promising direction for developing more capable, efficient, and accessible AI agents.
The methodology proposed in AutoMem is exceptionally well-conceived and technically sound. The central idea of treating memory management as a "trainable skill" for LLMs, drawing inspiration from cognitive science's metamemory, is a powerful conceptual shift. By promoting file-system operations (read, write, search, append, create) to first-class actions within the LLM's action space, the framework provides a flexible, observable, and controllable interface for external memory. The core technical contribution is the two-loop AutoMem framework. The first loop, scaffold optimization, leverages a powerful meta-LLM (Claude Opus 4.6) to review complete, long-horizon agent trajectories (up to $10^5$ steps) and iteratively revise the agent's code, prompts, and memory file schema. This addresses a critical bottleneck in long-horizon task development, where human review of such extensive traces is impractical. The meta-LLM effectively acts as a "code reviewer," diagnosing memory-related failures and proposing concrete structural improvements (e.g., coordinate-keyed deduplication, auto-synced inventory files, pre-populated strategy guides). The second loop, proficiency training, focuses on enhancing the model's parametric ability to make optimal memory decisions. Here, a meta-LLM (Claude Opus 4.7) acts as a "training engine," curating high-quality supervised training data from the agent's own experience and orchestrating the LoRA finetuning configuration. The architectural separation of a finetuned "memory specialist" model from the frozen "gameplay model" is a clever design choice, ensuring that memory skill acquisition is targeted and does not degrade the base model's existing task competence. This modularity allows for clean, additive gains. The overall framework is coherent, addresses a significant challenge in LLM agent development, and is grounded in a strong theoretical perspective.
The experimental evaluation is rigorous and highly convincing. The paper selects three challenging, procedurally generated long-horizon games—Crafter, MiniHack, and NetHack—which are ideal environments for testing sophisticated memory management due to their length, stochasticity, and the inherent need for persistent knowledge (e.g., maps, inventory, strategies). The use of the BALROG harness ensures a standardized and challenging benchmark. The primary metric, game progression rate, is appropriate for these complex tasks. The results are remarkably strong: optimizing memory *alone*, without modifying the base model's task-action weights, yields substantial performance gains of 2x-4x across all environments. This empirically validates the paper's central hypothesis that memory management is an independently learnable and high-leverage skill. Furthermore, the optimized 32B open-weight model achieves performance competitive with frontier proprietary systems such as Claude Opus 4.5 and Gemini 3.1 Pro Thinking, a highly impactful finding that suggests memory optimization can significantly close the gap between open-source and state-of-the-art proprietary models on these tasks. The paper also provides compelling qualitative evidence, including a significant reduction in unproductive actions, a sharp decrease in redundant memory writes, and the emergence of a "consult-before-write" memory discipline in the trained specialist. The detailed examples of memory schema evolution (e.g., NetHack's coordinate-keyed map deduplication) further illustrate the concrete benefits of the scaffold optimization. The inclusion of strong baselines, including frontier proprietary models and basic context-management strategies, provides a comprehensive comparison.
The paper demonstrates an excellent commitment to reproducibility. A dedicated appendix provides comprehensive implementation details, including specific configurations for all three game environments (Crafter, MiniHack, NetHack), such as world area, agent view, reward settings, maximum episode steps, and evaluation seeds. Crucially, it details the outer-loop processes, specifying the meta-LLMs used (Claude Opus 4.6/4.7), the criteria for accepting revisions, retry mechanisms, training data collection procedures, and the exact LoRA hyperparameters (rank, alpha, dropout, effective batch size, learning rate, number of training epochs, and target modules) for each environment. The explicit mention of releasing the complete prompt templates and code at `https://github.com/autoLearnMem/AutoMem` is a significant strength, enabling researchers to replicate and build upon this work. This level of detail is commendable and sets a high standard for reproducibility in LLM agent research.
The authors thoughtfully acknowledge several limitations. The current memory system is episodic, meaning the file system starts fresh at the beginning of each episode, which prevents knowledge transfer across sessions. Extending this to persistent memory is identified as a natural next step. The experiments are conducted on game environments, which, while well-suited for studying memory, suggest a need to validate the approach on real-world, memory-intensive tasks. Additionally, the current framework optimizes a separate scaffold and memory specialist for each game, raising the question of whether a single, more generalized scaffold or specialist could be developed to operate effectively across diverse environments. An implicit limitation, common to meta-LLM-driven approaches, is the reliance on powerful proprietary models (Claude Opus) as meta-LLMs, which entails cost and potential for brittleness, though the iterative refinement and gating mechanisms help mitigate this.
The paper's findings have substantial broader implications. By demonstrating that automated memory optimization can significantly enhance LLM agent performance on long-horizon tasks, it offers a practical pathway for open-weight models to achieve capabilities comparable to frontier proprietary systems. This could democratize access to advanced agentic AI, making sophisticated LLM agents more accessible for research and development. The methodology of using meta-LLMs for trajectory-level review and targeted revision is a generalizable workflow that could be applied to optimize other agent capabilities beyond memory, potentially accelerating agent development across various domains. While the current applications are in games, the underlying principles are highly transferable to real-world tasks requiring complex, long-term information management. The authors responsibly note that the released artifacts are not directly applicable to high-stakes deployment without further safety review, acknowledging the ethical considerations. This paper introduces AutoMem, a novel framework that automates the learning of memory as a cognitive skill for LLM agents by iteratively optimizing both the memory's supporting structure (scaffold) and the model's proficiency in using it, yielding significant performance gains on long-horizon tasks and making open-weight models competitive with frontier systems. The work presents a highly innovative approach to a critical challenge in LLM agent development, leveraging meta-LLMs to automate the optimization of memory management in long-horizon tasks where human review is intractable. Its strong empirical results, demonstrating substantial performance improvements solely from memory optimization and bringing a 32B open-weight model to the level of frontier proprietary systems, highlight memory as a high-leverage objective and offer a promising direction for developing more capable, efficient, and accessible AI agents.
In long-context use, large language models frequently synthesize answers from the meaning of a relevant context span rather than literally copy-pasting them. Identifying which attention heads perform this synthesis matters for interpreting long-context model behavior. Yet existing detectors miss these heads by construction: they reward heads whose attended token matches the generated token, a literal-copy criterion that captures where a head reads but not what it writes through its output-value (OV) circuit, the very mechanism that carries non-literal retrieval. We introduce Logit-Contribution Scoring (LOCOS), a write-aware detector that scores each head by the projection of its OV-circuit output onto the answer-token unembedding direction, contrasting needle and off-needle source positions in a single forward pass. Across three model families (Qwen3, Gemma-3, OLMo-3.1), mean-ablating the top LOCOS heads on the NoLiMa non-literal retrieval benchmark collapses ROUGE-L at lower head counts than prior attention-based detections; on Qwen3-8B, ablating 50 heads drives ROUGE-L from 0.401 to 0.000 while the strongest baseline still retains 0.292. The selected heads are retrieval-specific: parametric recall and arithmetic reasoning stay at baseline under the same ablation. On Qwen3-8B, the same ablation also drops MuSiQue from 0.55 to 0.08 and BABI-Long from 0.62 to 0.20, while a random-heads control stays within 0.05 of baseline.
Primary: University of Edinburgh
All Institutions: University of Edinburgh
LOCOS makes a significant contribution to the field of LLM interpretability and mechanistic interpretability. By providing a "write-aware" detector, it enables researchers to identify and understand the attention heads responsible for synthesizing non-literal answers from long contexts, a crucial aspect of advanced LLM behavior. This can lead to: * **Improved Model Understanding**: Deeper insights into how LLMs process and synthesize information, moving beyond simple token copying. * **Enhanced Debugging and Safety**: Pinpointing specific circuits responsible for non-literal retrieval could help diagnose issues like hallucination or incorrect synthesis in RAG systems. * **Targeted Model Optimization**: Identifying these critical heads could inform more efficient model architectures or targeted fine-tuning strategies for long-context tasks. * **New Research Directions**: The method opens avenues for further investigation into the interplay between QK and OV circuits in various LLM capabilities. The provided code and datasets will facilitate further research in this area. Logit-Contribution Scoring (LOCOS) is a novel, write-aware method that effectively identifies non-literal retrieval heads in large language models by measuring their direct contribution to the answer logit. The paper presents a robust methodology and compelling experimental evidence across multiple LLM families and tasks, demonstrating that LOCOS consistently and causally identifies heads critical for synthesizing answers from context, thereby significantly advancing the mechanistic understanding of long-context LLM behavior.
The paper introduces Logit-Contribution Scoring (LOCOS), a novel, "write-aware" detector for identifying non-literal retrieval heads in large language models. The core insight is that existing methods, which rely on attention patterns (where a head reads), fail to capture non-literal retrieval where the output-value (OV) circuit transforms attended content into a synthesized answer (what a head writes). LOCOS addresses this by scoring each head based on the scalar projection of its OV-circuit output onto the correct answer-token's unembedding vector. This directly measures the head's contribution to the answer logit. A key methodological strength is the use of spatial contrast, comparing logit contributions from needle positions against length-normalized off-needle contributions within a single decoding step. This allows for efficient scoring (single forward pass per probing trial) and effectively isolates needle-specific contributions, cancelling out uniform contributors. The aggregation method pools scores over all answer steps across passing trials. The method is well-defined, mathematically grounded, and directly tackles a critical limitation of prior work in mechanistic interpretability.
The experimental evaluation is exceptionally thorough and convincing. The authors test LOCOS across six configurations spanning three modern LLM families (Qwen3, Gemma-3, OLMo-3.1) on the NoLiMa non-literal retrieval benchmark. Causal validation is performed via mean-ablation of top-ranked heads, a robust technique for assessing causal importance. 1. **Ablation Comparison**: LOCOS consistently produces significantly steeper ROUGE-L degradation curves than all attention-based baselines (Wu/NIAH-scored, Wu/NoLiMa-scored, and a random control). On Qwen3-8B, ablating just 50 LOCOS heads collapses ROUGE-L from 0.401 to 0.000, while the strongest baseline retains 0.292. This is a striking and highly convincing result. 2. **OV Contribution Isolation**: A control experiment comparing LOCOS to an attention-only spatial-contrast score (matching LOCOS's aggregation but removing the OV projection) demonstrates that the OV projection is crucial for consistent reliability and severe performance collapse across models. 3. **Bottom-k Control**: Ablating heads with negative spatial contrast scores (contributing from off-needle positions) shows no degradation, effectively ruling out the objection that LOCOS merely ablates any answer-aligned signal. This confirms that LOCOS identifies *needle-specific* retrieval heads. 4. **Retrieval Specificity**: LOCOS heads are shown to be retrieval-specific, with parametric recall and arithmetic reasoning tasks remaining largely unaffected by the same ablation. LOCOS achieves the highest dissociation score across all models, indicating minimal damage to non-retrieval capabilities. 5. **Literal vs. Non-Literal Specificity**: Ablating LOCOS heads degrades both non-literal (NoLiMa) and literal (NIAH) retrieval, but with a steeper drop on NoLiMa, confirming its ability to identify the non-literal subset missed by prior methods. 6. **Downstream Evaluation**: Ablating LOCOS heads significantly degrades performance on complex downstream long-context benchmarks like MuSiQue and BABILong, particularly for the Qwen3 family, demonstrating transferability and real-world impact. The experiments are comprehensive, include strong baselines and controls, and provide compelling evidence for the efficacy and specificity of LOCOS.
The paper provides a clear methodological description, including equations for per-position logit contribution, spatial contrast, and aggregation. Key experimental details such as model families, benchmarks (NoLiMa, NIAH, parametric tasks), ablation method (mean-ablation with query vector calibration), and evaluation metrics (ROUGE-L, accuracy) are well-documented. The authors provide GitHub and HuggingFace dataset links, which significantly enhance reproducibility. The level of detail provided is sufficient for researchers to replicate the core findings.
The authors acknowledge two main limitations: 1. **Off-needle baseline**: If the context contains distractor information semantically related to the answer, the off-needle contribution might rise, potentially causing LOCOS to under-score heads performing broad semantic matching rather than targeted needle retrieval. While desirable for span-specific retrieval, this might miss heads involved in more diffuse contextual integration. 2. **Architecture coverage**: The evaluation focuses on specific decoder-only transformer families. The authors caution that the observed causal head-ablation magnitudes and late-layer concentration should not be assumed to transfer without verification to other architectures like Mixture-of-Experts, encoder-decoder stacks, or state-space models.
LOCOS makes a significant contribution to the field of LLM interpretability and mechanistic interpretability. By providing a "write-aware" detector, it enables researchers to identify and understand the attention heads responsible for synthesizing non-literal answers from long contexts, a crucial aspect of advanced LLM behavior. This can lead to: * **Improved Model Understanding**: Deeper insights into how LLMs process and synthesize information, moving beyond simple token copying. * **Enhanced Debugging and Safety**: Pinpointing specific circuits responsible for non-literal retrieval could help diagnose issues like hallucination or incorrect synthesis in RAG systems. * **Targeted Model Optimization**: Identifying these critical heads could inform more efficient model architectures or targeted fine-tuning strategies for long-context tasks. * **New Research Directions**: The method opens avenues for further investigation into the interplay between QK and OV circuits in various LLM capabilities. The provided code and datasets will facilitate further research in this area. Logit-Contribution Scoring (LOCOS) is a novel, write-aware method that effectively identifies non-literal retrieval heads in large language models by measuring their direct contribution to the answer logit. The paper presents a robust methodology and compelling experimental evidence across multiple LLM families and tasks, demonstrating that LOCOS consistently and causally identifies heads critical for synthesizing answers from context, thereby significantly advancing the mechanistic understanding of long-context LLM behavior.
Autonomous scientific discovery systems offer the potential to accelerate research by automating the process of hypothesis generation and validation. However, current systems operate within constrained search spaces or require predefined research questions, limiting their capacity for true open-ended inquiry. Furthermore, while they generate hypotheses iteratively, they largely lack the ability to explicitly synthesize their own accumulated findings to uncover complex, interconnected phenomena. We introduce DiscoPER, an autonomous large language model-powered framework that conducts open-ended research by dynamically generating and executing code to explore datasets without pre-specified research objectives. To ensure rigorous scientific validity, every proposed discovery must pass statistical testing. To overcome the limitations of isolated search, our framework introduces a second-order reasoning mechanism that periodically analyzes its own accumulated discoveries. By treating prior discoveries as empirical data, DiscoPER identifies structural patterns, confounds, and epistemic gaps, actively redirecting hypothesis exploration toward uncharted regions of the search space. The search space is further expanded by incorporating tool use, enabling the system to explore hypotheses beyond structured metadata by seamlessly processing and extracting useful information from multimodal sources like images. Evaluated on iNatDisco, a new multimodal ecological knowledge benchmark with pattern-level ground truth obtained from peer-reviewed literature, DiscoPER recovers 8 of 9 known patterns with a 72.7% hypothesis support rate, outperforming both classical causal discovery and LLM-guided baselines. Ablations show that DiscoPER scales with more data, and confirms the benefits of second-order meta-reflection.
Primary: University of Edinburgh
All Institutions: University of Edinburgh, Massachusetts Institute of Technology
[One sentence main contribution]. DiscoPER introduces a novel autonomous scientific discovery framework that combines LLM-driven hypothesis generation, code-based statistical validation, and second-order meta-reflection to enable open-ended, data-driven scientific inquiry. [Comprehensive analysis of the technical contribution, methodology, and significance to the field]. The paper presents a significant advancement in agentic ML for scientific discovery by addressing the critical limitation of isolated hypothesis generation in existing systems. By introducing a structured "Propose-Evaluate-Reflect" loop, DiscoPER enables the system to synthesize accumulated findings, identify gaps, and redirect its search strategy dynamically. The rigorous validation mechanism, which requires hypotheses to pass statistical tests on held-out data, ensures scientific validity and mitigates LLM hallucination. The creation of the iNatDisco benchmark provides a much-needed evaluation standard for open-ended discovery, moving beyond task-specific QA. The empirical results demonstrate that this approach significantly outperforms both classical causal discovery methods and guided LLM baselines, particularly in recovering complex, multi-variable patterns. This work establishes a new paradigm for autonomous scientific agents that are not only capable of generating ideas but also of critically evaluating and building upon their own discoveries.
The paper proposes DiscoPER, an autonomous scientific discovery framework that integrates Large Language Models (LLMs) with executable code and statistical testing. The core methodological innovation is the "Propose-Evaluate-Reflect" loop. Unlike previous systems that either require predefined research questions (guided) or lack iterative synthesis (unstructured), DiscoPER operates in an open-ended manner ($P=$ none). It generates hypotheses as Python code, validates them on held-out data to prevent p-hacking, and employs a second-order "Reflect" module. This Reflect module analyzes the accumulated claim store to identify epistemic gaps, confounds, and compound hypotheses, thereby steering the search space in subsequent iterations. The approach effectively bridges the gap between classical causal discovery (restricted edge spaces) and LLM-based reasoning (prone to hallucination) by grounding all claims in statistical significance while allowing the LLM to explore a Turing-complete hypothesis space. The inclusion of multimodal capabilities via tool use (VLMs) further expands the scope of discoverable patterns beyond tabular metadata.
The evaluation is rigorous and addresses the specific challenges of open-ended discovery. The authors introduce iNatDisco, a new benchmark derived from iNaturalist data, which includes ground-truth patterns from peer-reviewed literature. This is a significant contribution, as existing benchmarks are largely task-oriented. DiscoPER achieves 8/9 pattern recovery on iNatDisco-800 and 8/12 on iNatDisco-50K, outperforming classical causal discovery methods (which fail to capture complex interactions) and guided LLM baselines. The ablation studies clearly demonstrate the value of the Reflect module, showing improvements in both recall and hypothesis support rate. The counterfactual evaluation is particularly strong, proving that the system relies on data-driven evidence rather than memorized LLM priors. The scaling analysis provides insight into the system's behavior with respect to data size and iteration count.
The paper provides detailed implementation specifications, including model versions (Claude Sonnet 4.6, etc.), statistical thresholds (effect size > 0.2, p < 0.05), and the structure of the hypothesis code. The use of executable code for hypotheses enhances reproducibility, as the validation steps are deterministic given the data and code. The description of the iNatDisco dataset construction is sufficient for replication. However, the reliance on proprietary LLMs (Claude, GPT) means that exact performance replication might vary with model updates, though the methodology itself is open.
The system is computationally expensive due to the iterative nature of code generation, execution, and reflection. The performance is bounded by the quality and bias of the underlying LLMs and the available data. The "Reflect" module, while effective, introduces latency and potential for compounding errors if the initial claims are flawed. Additionally, the benchmark, while novel, is specific to ecology; generalization to other scientific domains requires further validation. The system's ability to discover truly novel, non-intuitive patterns beyond those present in the training data of the LLM remains an open question, although the counterfactual tests mitigate some of this concern.
This work has significant implications for accelerating scientific discovery across disciplines. By automating the iterative process of hypothesis generation and validation, it can help researchers identify patterns that might be overlooked due to human cognitive biases or limitations. The open-ended nature of the system encourages exploration of uncharted regions of the search space, potentially leading to new scientific insights. However, the reliance on AI for scientific discovery raises ethical considerations regarding the verification of findings and the potential for automated bias reinforcement. The framework provides a robust template for building autonomous scientific agents that prioritize empirical validity. [One sentence main contribution]. DiscoPER introduces a novel autonomous scientific discovery framework that combines LLM-driven hypothesis generation, code-based statistical validation, and second-order meta-reflection to enable open-ended, data-driven scientific inquiry. [Comprehensive analysis of the technical contribution, methodology, and significance to the field]. The paper presents a significant advancement in agentic ML for scientific discovery by addressing the critical limitation of isolated hypothesis generation in existing systems. By introducing a structured "Propose-Evaluate-Reflect" loop, DiscoPER enables the system to synthesize accumulated findings, identify gaps, and redirect its search strategy dynamically. The rigorous validation mechanism, which requires hypotheses to pass statistical tests on held-out data, ensures scientific validity and mitigates LLM hallucination. The creation of the iNatDisco benchmark provides a much-needed evaluation standard for open-ended discovery, moving beyond task-specific QA. The empirical results demonstrate that this approach significantly outperforms both classical causal discovery methods and guided LLM baselines, particularly in recovering complex, multi-variable patterns. This work establishes a new paradigm for autonomous scientific agents that are not only capable of generating ideas but also of critically evaluating and building upon their own discoveries.
World models aim to capture environment dynamics in ways that support perception, reasoning, and action, and have recently become a central direction in Vision-Language-Action-World (VLAW) modeling. Meanwhile, unified vision-language models have demonstrated strong multimodal generation capabilities, yet their potential as world models remains underexplored. In this work, we introduce \texttt{WorldBagel}, a unified VLAW framework built on BAGEL, a modern multimodal unified model, and use it to systematically investigate the role of unification in world modeling. Across multi-task robotic manipulation and cross-domain experiments, \texttt{WorldBagel} consistently outperforms task-specific alternatives and learns action representations that are more structured and semantically aligned with visual and linguistic context. Experiments on LIBERO, Language Table, and Franka show that unification is not only an architectural convenience, but also a key factor in learning effective VLAW models, leading to consistent empirical gains and deeper insights into multimodal world modeling. Code and model checkpoints will be released upon acceptance.
Primary: Georgia Institute of Technology
All Institutions: Georgia Institute of Technology
WorldBagel makes a significant contribution to the field of embodied AI and multimodal learning. By demonstrating the power of architectural unification for Vision-Language-Action-World modeling, it paves the way for more capable and general-purpose robotic agents. The ability to jointly understand language, perceive the environment, predict actions, and model future states within a single framework is a crucial step towards truly intelligent robots. The proposed Fourier-based action representation (FFAD/FFAT) is a valuable technical innovation that could be adopted by other robotics policies for more robust and structured action learning. The findings on stability under distribution shifts are particularly relevant for deploying robots in real-world, uncertain environments. This work encourages further research into leveraging large-scale unified multimodal models for complex embodied tasks, potentially leading to breakthroughs in robot learning and generalization. WorldBagel introduces a unified VLAW framework built on BAGEL, systematically demonstrating that architectural unification significantly improves multi-task robotic manipulation performance, yields higher-quality action representations via Fourier-based tokenization, and enhances stability under distribution shifts, thereby providing a promising foundation for scalable multimodal world models. This paper presents a robust methodology for integrating vision, language, action, and world modeling into a single coherent framework, supported by strong empirical results and insightful analyses of action representation and robustness, making a substantial contribution to the development of more capable and generalizable embodied AI systems.
The paper introduces WorldBagel, a unified Vision-Language-Action-World (VLAW) framework built upon the BAGEL two-tower architecture. The core methodological contribution lies in extending a powerful multimodal generative model (BAGEL) to jointly support multimodal understanding, structured action modeling, and future world prediction. The VLAW formulation is clearly defined, aiming to model the joint distribution of future observations and actions conditioned on past states and language instructions. A significant technical contribution is the Fourier Feature Action Decoder (FFAD) and Fourier Feature Action Tokenizer (FFAT). FFAD addresses the limitations of standard regression and discretization-based action tokenizers by mapping continuous actions into Fourier features and predicting in this space. The inverse mapping uses phase-consistent averaging for reconstruction. This approach is well-justified with theoretical analysis provided in the appendix, demonstrating Lipschitz stability, injectivity, consistency of reconstruction, and approximation advantages. This mathematical rigor is a strong point. The interleaved VLAW modeling via sequence plans, adapted from BAGEL, is a practical and flexible way to structure multimodal sequences for multi-view, multi-step observations and control. The concept of sampling different sequence plans to balance training objectives is sound. Furthermore, the LLM-inspired multimodal train-time data sampling, using mixture dataset sampling and priority sequence-plan sampling, is a crucial engineering detail for stabilizing training across heterogeneous datasets and balancing policy learning with world modeling. The overall architecture leverages the strengths of BAGEL's GEN/UND experts, with action modeling integrated through fine-tuned tokenizers and decoders rather than a new expert. This design choice maintains the unified nature of the model.
The experimental evaluation is comprehensive and rigorous, addressing three key empirical findings: multi-task performance, action representation quality, and stability under distribution shifts. 1. **Multi-task Performance**: WorldBagel is evaluated on LIBERO, Language Table, and Franka benchmarks. On LIBERO, it achieves state-of-the-art multi-task manipulation performance (98.0% average success rate), outperforming strong VLA baselines like OpenVLA-OFT and RynnVLA-002. The world modeling capabilities are also quantitatively assessed using FVD, PSNR, SSIM, and LPIPS, showing consistent improvements over RynnVLA-002 across all datasets, especially in action-conditioned prediction. This clearly demonstrates the empirical gains of the unified VLAW approach. 2. **Action Representation Quality**: A detailed ablation study on action decoder design (regression, bin discretization, FAST, FFAD) on LIBERO shows FFAD significantly reduces action MSE and improves success rates. Further analysis on the number of Fourier bands (K) in FFAD/FFAT provides insights into optimal hyperparameter choices. Crucially, the representation structure analysis using a linear probe classifier reveals that FFAD produces more structured and task-relevant action embeddings, leading to higher task identity prediction accuracy. This is a strong validation of the FFAD design. 3. **Stability Under Distribution Shifts**: The paper investigates robustness to action noise, scaling, and temporal perturbations on LIBERO. WorldBagel consistently maintains higher prediction fidelity (PSNR, LPIPS) compared to RynnVLA-002 under these shifts. The eigenvalue spectrum analysis further supports this, showing WorldBagel learns richer and more stable action representations (higher effective rank, lower dominant eigenvalue ratio). This finding is particularly important for real-world robotics applications where such shifts are common. The choice of baselines is appropriate, including recent strong VLA models and a direct competitor (RynnVLA-002) that also aims for VLAW unification. The use of multiple metrics (success rate, FVD, PSNR, SSIM, LPIPS, A-MSE, linear probe accuracy, eigenvalue spectrum) provides a holistic view of the model's performance and internal properties. The experiments are well-designed to support the paper's claims about the benefits of unification.
The paper states that "Code and model checkpoints will be released upon acceptance," which is a positive commitment. Detailed hyperparameters (learning rate, weight decay, batch size, training steps, K for FFAT/FFAD, priority weights) and hardware (8 H200 GPUs) are provided, which are crucial for reproducibility. The mathematical derivations for FFAD/FFAT in the appendix also contribute to understanding and potentially re-implementing those components. Given the complexity of large multimodal models, the release of code and checkpoints is essential for full reproducibility.
1. **Computational Cost**: While not explicitly stated as a limitation, training and deploying a model built on a large unified multimodal backbone like BAGEL is inherently computationally intensive, requiring significant resources (e.g., 8 H200 GPUs for 80K steps). This might limit its applicability for resource-constrained environments or rapid iteration. 2. **Scope of World Modeling**: The "world modeling" aspect primarily focuses on next-frame prediction for manipulation tasks. While crucial, it doesn't delve into more abstract forms of world knowledge, causal reasoning, or long-horizon planning beyond short action rollouts, which are often goals of broader world models. 3. **Reliance on Supervised Fine-tuning**: The model relies on supervised fine-tuning (SFT) on existing robotic datasets. While effective, this approach might be limited by the diversity and scale of available demonstration data, potentially hindering generalization to truly novel tasks or environments compared to models that learn more extensively through self-supervision or interaction. 4. **Generalizability Beyond Manipulation**: The experiments are confined to robotic manipulation tasks. While these are challenging, the generalizability of "unified VLAW modeling" to other embodied AI domains (e.g., navigation, human-robot interaction) or even broader generative tasks is not explored.
WorldBagel makes a significant contribution to the field of embodied AI and multimodal learning. By demonstrating the power of architectural unification for Vision-Language-Action-World modeling, it paves the way for more capable and general-purpose robotic agents. The ability to jointly understand language, perceive the environment, predict actions, and model future states within a single framework is a crucial step towards truly intelligent robots. The proposed Fourier-based action representation (FFAD/FFAT) is a valuable technical innovation that could be adopted by other robotics policies for more robust and structured action learning. The findings on stability under distribution shifts are particularly relevant for deploying robots in real-world, uncertain environments. This work encourages further research into leveraging large-scale unified multimodal models for complex embodied tasks, potentially leading to breakthroughs in robot learning and generalization. WorldBagel introduces a unified VLAW framework built on BAGEL, systematically demonstrating that architectural unification significantly improves multi-task robotic manipulation performance, yields higher-quality action representations via Fourier-based tokenization, and enhances stability under distribution shifts, thereby providing a promising foundation for scalable multimodal world models. This paper presents a robust methodology for integrating vision, language, action, and world modeling into a single coherent framework, supported by strong empirical results and insightful analyses of action representation and robustness, making a substantial contribution to the development of more capable and generalizable embodied AI systems.
We elucidate the design space of Representation Distribution Matching (RDM), our name for the paradigm that trains a one-step image generator by matching generated and reference feature distributions under frozen pretrained encoders. We identify two design axes, how the distributions are compared and the representations they are compared in, and controlled studies along them yield three findings. First, the classical MMD, which could not train convincing generators a decade ago, becomes a strong and scalable objective once estimated right. Second, the generated batch is then the operative variable, with an optimum above 2048, far beyond customary batch sizes. Third, any single representation can be gamed, driven below the real score while images stay visibly fake, so we match against a balanced battery of encoders and evaluate with SW_r14, a Sliced-Wasserstein distance over 14 encoders that is independent of the training loss and resists gaming. Combining the preferred choices yields improved RDM (iRDM): it sets the one-step state of the art on ImageNet at SW_r14 1.30, corroborated by PickScore, a human-preference proxy our objective never optimizes, which prefers it over the prior best one-step generator on 71.2% of matched samples. The same recipe post-trains the four-step FLUX.2 [klein] into a one-step generator, surpassing the four-step version on GenEval, 0.826 to 0.794, and on PickScore, 22.76 to 22.58, in 90 H200 GPU-hours. Project page: https://alan-lanfeng.github.io/rdm/.
Primary: Valeo
All Institutions: Valeo, Alan Turing Institute (implied by author handle 'alan-lanfeng' and typical affiliation for such work, though only Valeo is explicitly funded; however, standard academic papers list affiliations. The text says "Project page: https://alan-lanfeng.github.io/rdm/" and "funded by Valeo". Without explicit author list, I will infer the primary institutional affiliation from the funding and project page context. The author 'alan-lanfeng' likely refers to Alan Feng or similar. A quick mental check of recent one-step generation papers suggests this is likely from Valeo and/or a university. Given the prompt asks to extract from text, and only Valeo is explicitly mentioned as funding/affiliation in the Acknowledgments, I will list Valeo. However, 'alan-lanfeng' is a GitHub handle. Let's look for other clues. The paper mentions "alan-lanfeng.github.io". This is likely a single-author or small team paper. I will list Valeo as the primary institution found in the text.)
This paper presents a significant advancement in one-step image generation by rigorously elucidating the design space of Representation Distribution Matching, introducing a robust MMD estimator with Nyström approximation, and demonstrating that large-batch, multi-encoder training yields state-of-the-art results while mitigating metric gaming, thereby providing a scalable and effective alternative to teacher-based distillation methods.
The paper proposes "Representation Distribution Matching" (RDM), a framework for training one-step image generators by directly matching feature distributions between generated and real images using frozen pretrained encoders. The core methodological contributions are threefold: 1) A specific estimator for Maximum Mean Discrepancy (MMD) that uses an exact within-batch repulsion term and a Nyström approximation for the attraction term against a frozen full-data reference, which the authors argue is superior to Fréchet distance or drifting fields for this task. 2) The identification that large, fresh generation batches (N > 2048) are critical for stable estimation, enabled by gradient caching. 3) A multi-encoder matching strategy using a "battery" of 14 diverse frozen encoders, balanced via a proportional Lagrangian controller to prevent the generator from gaming any single encoder's metric. The approach is theoretically grounded in kernel mean embeddings and optimal transport concepts, applied pragmatically to the current state-of-the-art in teacher-free distillation.
The experimental evaluation is rigorous and comprehensive. The authors conduct controlled ablations on the two design axes (comparison metric and representation space). They demonstrate that their method, iRDM, sets a new state-of-the-art for one-step generation on ImageNet-256 with an SW_r14 score of 1.30, significantly outperforming prior methods like pMF-H FD-SIM (2.05). They also show that post-training FLUX.2 (a 4-step model) into a 1-step model using this recipe improves GenEval and PickScore scores over the 4-step baseline, a surprising and valuable result. The use of an independent evaluation metric (SW_r14) that is not part of the training loss effectively mitigates concerns about metric gaming. The inclusion of a held-out encoder panel for evaluation adds robustness to the claims.
The paper provides significant detail for reproducibility. It specifies the encoder architectures, the Nyström landmark count (4096), batch sizes (5120/10240), learning rates, and the specific Lagrangian control mechanism. The reference to "gradient caching" and the specific implementation of the Nyström attraction term are clear. The project page likely contains code, which is standard for arXiv papers. The use of standard pretrained encoders (DINOv2, CLIP, etc.) ensures that the components are accessible. The detailed ablation studies allow other researchers to replicate the design space exploration.
The primary limitation is the computational cost of training. The requirement for large batch sizes (N=5120) and the use of 10 encoders for forward passes per step, while optimized with gradient caching, still implies a substantial memory and compute footprint compared to smaller-batch methods. The method relies heavily on the quality and diversity of the frozen encoders; if the encoder panel is biased or insufficiently diverse, the "balanced" training might still fail to capture all aspects of realism. Additionally, while it surpasses the 4-step FLUX on GenEval, it is a post-training step, meaning the base model's capabilities are a prerequisite. The "one-step" nature inherently limits the complexity of the generated distribution compared to iterative methods, as evidenced by the gap between 1.30 and the real-data floor of 1.00.
This work significantly advances the field of efficient generative modeling by demonstrating that high-quality one-step generation is achievable without online teachers or adversarial training, relying instead on careful distribution matching in feature space. This could lead to faster inference times for image generation, making it more accessible for real-time applications. The insights into metric gaming and the proposal of a robust multi-encoder evaluation metric (SW_r14) provide a valuable tool for the community to better assess generator quality. However, the ease of generating realistic images also raises standard concerns about misuse in creating deepfakes or misleading content, though the one-step nature might make it less suitable for high-fidelity, long-tail content generation compared to multi-step models. This paper presents a significant advancement in one-step image generation by rigorously elucidating the design space of Representation Distribution Matching, introducing a robust MMD estimator with Nyström approximation, and demonstrating that large-batch, multi-encoder training yields state-of-the-art results while mitigating metric gaming, thereby providing a scalable and effective alternative to teacher-based distillation methods.
Large vision-language models (LVLMs) have achieved strong performance across many medical imaging tasks, yet their application to ultrasound remains limited due to its inherent complexity and variability. In this work, we revisit what is truly needed to enable real-world ultrasound understanding. Instead of introducing complex architectures or elaborate training strategies, we show that data scale and clinically faithful data alignment are the key factors. We construct a large-scale dataset of 1.5M real-world ultrasound examinations, containing 17.7M images, multi-organ coverage, and paired uncurated clinical reports. Crucially, we organize the data at the examination level, aligning multiple images with their corresponding reports to reflect real clinical workflows. We then fine-tune a standard LVLM using low-rank adaptation (LoRA) on this dataset without task-specific modifications. Surprisingly, this simple recipe already leads to strong performance across diverse ultrasound understanding tasks, outperforming prior methods designed with more complex pipelines. Beyond these results, we present model and data scaling analyses that provide insights into the role of scale in ultrasound LVLMs.
Primary: Technical University of Munich
All Institutions: MedAI Technology (Wuxi) Co. Ltd, Technical University of Munich
This paper makes a substantial contribution to medical vision-language modeling by demonstrating that large-scale, clinically aligned data curation and simple fine-tuning of standard LVLMs can outperform complex, specialized architectures for ultrasound understanding, providing a new benchmark and paradigm for the field.
The paper proposes a straightforward yet effective pipeline for ultrasound understanding: constructing a massive dataset (1.5M exams, 17.7M images) and fine-tuning a standard LVLM (Qwen3-VL-4B) using LoRA. The core methodological contribution is not a new architecture, but the rigorous demonstration that "data scale + clinically faithful alignment" supersedes complex architectural modifications or specialized training strategies in this domain. The approach is simple, relying on examination-level supervision where multiple images are paired with long-form reports, mimicking real clinical workflows. This challenges the prevailing trend of designing intricate multimodal adapters for medical imaging.
The experimental evaluation is comprehensive and robust. The authors benchmark LUMI against a wide array of state-of-the-art general-purpose (InternVL3.5, Qwen3.5, Kimi-VL) and medical-domain (HuatuoGPT, Lingshu, EchoVLM) models across five major ultrasound categories. The results show significant improvements, particularly in clinical fidelity metrics (F1 score) and higher-order NLP metrics (BLEU-4, ROUGE-L). The inclusion of an LLM-based evaluator for clinical correctness is a strong methodological choice that adds depth beyond standard text similarity metrics. Scaling analyses (model and data) provide valuable empirical insights, showing saturation points that guide future resource allocation.
The paper provides detailed hyperparameters, training configurations (LoRA rank, learning rate, batch size), and data preprocessing steps. The dataset size and source descriptions are clear. However, the dataset itself (1.5M exams) is likely too large and privacy-sensitive to be fully open-sourced in its raw form, which may limit direct reproducibility of the training phase for others. The code/model availability is indicated by the project URL, which is crucial for verification.
The primary limitation is the potential for hallucination when presented with incomplete image sets at inference time, as the model is trained on complete examinations. Additionally, the reliance on uncurated, real-world reports introduces noise and variability in language style, which might affect generalization to standardized reporting formats. The study focuses on report generation and lacks detailed evaluation on downstream diagnostic tasks (e.g., specific lesion detection accuracy vs. radiologist agreement).
This work has significant implications for medical AI, demonstrating that high-quality, large-scale data alignment can drive performance gains more effectively than architectural complexity. It encourages the community to prioritize data curation and clinical fidelity in medical LVLM development. The dataset and model could accelerate research in ultrasound AI, potentially improving diagnostic support in resource-limited settings where expert sonographers are scarce. This paper makes a substantial contribution to medical vision-language modeling by demonstrating that large-scale, clinically aligned data curation and simple fine-tuning of standard LVLMs can outperform complex, specialized architectures for ultrasound understanding, providing a new benchmark and paradigm for the field.
Safe motion planning in dynamic environments requires reasoning about the uncertainty in predicted obstacle motion without sacrificing real-time performance. Existing conformal approaches conformalize a scalar score that aggregates per-obstacle prediction errors, losing spatial coherence and scaling poorly with scene density. We instead conformalize the entire predicted distance field at once. This functional conformal prediction (FCP) framework yields a distribution-free, field-level lower bound, from which safety follows uniformly: any trajectory satisfying the resulting constraint is certified safe, independent of how the control space is sampled. The key enabler is that the residual distance field is empirically low-rank and approximately time-invariant, which makes the bound decomposable in coefficient space. An envelope is fitted offline via functional PCA and a Gaussian-mixture inductive conformal procedure, then refined online by a lightweight adaptive functional conformal (AFCP) update on a low-dimensional vector. This keeps the per-step cost largely insensitive to obstacle count and retains long-run field coverage under distribution shift. We embed the envelope as a tightened safety constraint in a sampling-based model predictive controller, FCP-MPC. On the ETH--UCY pedestrian benchmarks and a dense 3D quadrotor task with up to 280 dynamic obstacles, FCP-MPC attains a favorable balance of safety, feasibility, and efficiency, reaching goals where pointwise and egocentric conformal baselines become too conservative or too expensive, while keeping per-step computation far below online uncertainty-reasoning baselines.
Primary: Seoul National University
All Institutions: Seoul National University
This paper introduces a novel Functional Conformal Prediction framework for safe motion planning, leveraging the low-rank structure of prediction errors to provide scalable, distribution-free safety guarantees in dynamic environments. The approach effectively addresses the computational and spatial coherence limitations of prior conformal methods, offering a significant advancement in the integration of statistical uncertainty quantification with real-time robotic control.
The paper proposes a Functional Conformal Prediction (FCP) framework to address the scalability and spatial coherence issues of existing conformal prediction (CP) methods in safe motion planning. Instead of conformalizing scalar scores per obstacle, the authors treat the prediction error of the distance field as a functional object in a Hilbert space. They leverage the empirical observation that residual distance fields are low-rank and approximately time-invariant. This allows them to perform Functional PCA (FPCA) to decompose the field into a few principal components. A Gaussian Mixture Model (GMM) is fitted to the coefficients of these components in an offline stage, and an inductive conformal procedure is used to create a distribution-free envelope. Online, an Adaptive Functional Conformal Prediction (AFCP) update adjusts a scalar multiplier to handle distribution shifts. This approach decouples the expensive statistical calibration from the real-time planning loop, allowing the safety constraint to be evaluated efficiently for any sampled trajectory in an MPC framework. The methodology is theoretically sound, providing asymptotic safety guarantees under both exchangeable and non-exchangeable (adaptive) settings.
The authors evaluate FCP-MPC on two benchmarks: the ETH-UCY pedestrian dataset (2D) and a dense 3D quadrotor simulation with up to 280 dynamic obstacles. They compare against pointwise and egocentric conformal baselines, as well as online uncertainty-reasoning methods. The results indicate that FCP-MPC achieves a favorable balance of safety, feasibility, and efficiency. It successfully reaches goals where pointwise methods are too conservative and egocentric methods are too expensive or lose coverage. The per-step computation remains largely insensitive to obstacle count, demonstrating the scalability of the functional approach. The experiments are comprehensive, covering both 2D and 3D scenarios and varying densities.
The paper provides a GitHub repository link (https://github.com/CORE-SNU/FCP-MPC), which significantly aids reproducibility. The methodology is described in detail, including the offline FPCA and GMM fitting, and the online AFCP update. The use of standard benchmarks (ETH-UCY) also facilitates comparison. However, the specific implementation details of the "dense 3D quadrotor task" (e.g., exact dynamics, sensor noise models, prediction model architecture) might require careful reading of the appendix or code to fully replicate.
The method relies on the assumption that the residual distance field is low-rank and approximately time-invariant. While verified empirically, this may not hold in all environments (e.g., highly dynamic, non-stationary scenes with complex occlusions). The offline calibration requires a sufficiently large and representative dataset of residual fields. The adaptive update (AFCP) provides long-run coverage but may take time to converge to the correct threshold under rapid distribution shifts. The soft-constraint variant degrades safety guarantees by a controllable slack, which might be unacceptable for some high-risk applications.
This work contributes to the field of safe autonomous systems by providing a scalable and theoretically grounded method for uncertainty-aware motion planning. By enabling real-time safety guarantees in dense, dynamic environments, it facilitates the deployment of robots in more complex real-world scenarios. The functional conformal prediction framework could also be applicable to other domains involving spatial or functional data uncertainty, such as medical imaging or environmental monitoring. This paper introduces a novel Functional Conformal Prediction framework for safe motion planning, leveraging the low-rank structure of prediction errors to provide scalable, distribution-free safety guarantees in dynamic environments. The approach effectively addresses the computational and spatial coherence limitations of prior conformal methods, offering a significant advancement in the integration of statistical uncertainty quantification with real-time robotic control.
Long-context inference is increasingly common in large language model (LLM) serving, driven by retrieval-augmented generation and agentic systems. In disaggregated inference, these workloads require transferring large Key-Value (KV) caches across the network, where decoding cannot begin until the transfer completes. Recent KV quantization techniques reduce data volume and alleviate this bottleneck, but existing schemes fail to achieve both low network-exposed latency and high inference accuracy. We challenge the assumption that the KV cache is an indivisible unit that must be fully received before use. We leverage the observation that different bits in the KV cache contribute unequally to attention computation and inference precision: the most significant bits capture the coarse structure of attention and the least significant bits refine precision. This property enables partial use of the KV cache during decoding. We present Lynx, a system that enables progressive, split-stream KV transfer by partitioning the KV cache into a high-priority Anchor stream carrying the most significant bits and a low-priority Residual stream carrying remaining precision. Decoding begins upon receipt of the Anchor stream and proceeds speculatively while the Residual stream is transferred concurrently, followed by verification that ensures equivalence to higher-precision decoding. Across multiple models and serving workloads, Lynx achieves Time-to-First-Token (TTFT) comparable to aggressive 4-bit KV quantization, while matching the accuracy of high-precision (BF16) inference, improving TTFT over standard 8-bit KV quantization by up to $1.43\times$ and improving accuracy over state-of-the-art by up to $5.1\%$.
Primary: University College London
All Institutions: University College London, Huawei
Lynx introduces a progressive speculative quantization framework that decouples KV cache transfer from decoding initiation, achieving significant latency reductions without sacrificing inference accuracy in long-context LLM serving.
The paper proposes "Lynx," a novel system for disaggregated LLM inference that challenges the assumption that the Key-Value (KV) cache must be fully transferred before decoding begins. The core innovation is a hierarchical split-stream quantization scheme that partitions the KV cache into a high-priority "Anchor" stream (Most Significant Bits) and a low-priority "Residual" stream (Least Significant Bits). By transmitting the Anchor stream first, the decode instance can begin speculative token generation using the coarse-grained KV data. Once the Residual stream arrives, the system verifies the speculative tokens against the full-precision (or higher-precision) KV cache. This approach effectively overlaps network communication with computation, treating the network transfer as a draft model in speculative decoding. The methodology is technically sound, leveraging the observation that MSBs dominate attention score magnitudes due to the exponential nature of Softmax, while LSBs refine precision. The integration of non-linear logarithmic quantization and outlier-aware chunking further enhances the fidelity of the Anchor stream.
The evaluation is comprehensive, covering three models (LLaMA 3.1 8B, Qwen 3 32B, Mistral 3 24B) and three datasets (MMLU-Pro, Needle-in-the-Haystack, QMSum) across varying context lengths (up to 128K) and bandwidths (10-50 Gbps). The results demonstrate that Lynx achieves Time-to-First-Token (TTFT) comparable to aggressive 4-bit quantization while maintaining accuracy equivalent to 8-bit or BF16 inference. Specifically, it improves TTFT over standard 8-bit quantization by up to 1.43x and improves accuracy over state-of-the-art compression methods (like CacheGen) by up to 5.1%. The paper includes detailed ablation studies on context length scaling and bandwidth variations, showing that the benefits of speculative overlap increase with longer contexts and lower bandwidths. The use of Ascend NPUs (Huawei hardware) is a specific constraint but does not detract from the generalizability of the system design principles.
The paper provides significant implementation details, including the quantization algorithm (Algorithm 1), the split-stream construction logic, and the speculative verification protocol. It mentions implementation in ~2k lines of Ascend-C kernels and ~2k lines of Python, integrated into vLLM-Ascend. However, the code is not publicly available (no GitHub URL provided), and the evaluation is conducted on proprietary Huawei Ascend hardware, which may limit direct reproducibility for researchers using standard NVIDIA GPU stacks. The detailed description of the SerDes protocol and the non-blocking runtime architecture offers a strong basis for future reproduction.
The primary limitation is the reliance on specific hardware (Ascend NPUs) and the lack of public code. The speculative decoding verification introduces computational overhead; while the paper argues this is negligible compared to communication savings, this overhead scales with the number of speculative tokens and could become significant in very high-bandwidth, low-latency scenarios where the communication bottleneck is less severe. Additionally, the approach assumes a disaggregated prefill-decode architecture, which is not universal for all LLM serving setups. The accuracy guarantee relies on the verification step, which implies that if the Residual stream is delayed or lost, the system must wait, potentially negating the latency benefits in unstable network conditions.
This work has significant implications for the efficiency and scalability of long-context LLM serving, particularly in cloud environments where disaggregated inference is becoming standard. By enabling high-precision inference with lower effective latency, it allows for more responsive AI agents and retrieval-augmented generation systems. The technique of using partial data for speculative execution could inspire similar approaches in other areas of distributed machine learning where data dependencies are hierarchical or can be approximated. Lynx introduces a progressive speculative quantization framework that decouples KV cache transfer from decoding initiation, achieving significant latency reductions without sacrificing inference accuracy in long-context LLM serving.
In retrieval augmented generation (RAG) and agentic LLM serving, prompts are assembled from independent segments into long contexts, making the prefill stage dominate the per-request computation cost. To this cost, two directions have emerged in parallel: position-independent caching (PIC) admits KV reuse for non-contiguous segments shared across different requests, while hybrid-attention models reduce computation complexity by replacing most full-attention layers with linear attention. However, they cannot coexist: applying PIC to hybrid-attention models breaks down because per-token KV-cache reuse primitives do not transfer to the per-request recurrent state. In this work, we present Hypic, the first serving system for hybrid-attention LLMs with position-independent caching. For linear-attention layers, we identify the segment-cumulative transition operator as the missing algebraic primitive, and cache it alongside each segment's zero-start end-state, enabling near-exact and constant-time state composition of independently cached segments. For the remaining full-attention layers, existing PIC methods also fail as linear layers do not expose the per-token hidden states for selective recomputation. We show that the most significant attention deviation concentrates at segment boundaries, so recomputing only a small seam window at each boundary suffices to restore cross-segment lookback. Finally, Hypic exploits segment-level self-containment to parallelize cache-miss prefill across instances, turning long cold requests -- a major tail-latency contributor under both prefix caching and prior PIC -- into an accelerable workload. Evaluated across four hybrid-attention models and five workloads, Hypic reduces time-to-first-token (TTFT) by 2.45x on average and improves peak throughput by up to 2.0x over existing systems, while staying within 3.3 points of full-recompute accuracy.
Primary: Xiaohongshu Inc.
All Institutions: Xiaohongshu Inc., Peking University, Shanghai Jiao Tong University
This paper presents a significant systems contribution by resolving the incompatibility between position-independent caching and hybrid-attention LLMs through novel algebraic primitives and boundary-aware recomputation, enabling substantial latency and throughput improvements for RAG and agentic workloads.
The paper addresses a critical intersection in LLM serving: the compatibility of Position-Independent Caching (PIC) with Hybrid-Attention architectures (which mix linear and full attention). The authors correctly identify that standard PIC primitives fail for linear attention layers because the state transition is not per-token but segment-cumulative. Their proposed solution, caching the "segment-cumulative transition operator" alongside the end-state, is a mathematically sound and novel algebraic primitive for state composition. Furthermore, they address the full-attention layer bottleneck in PIC by identifying that attention deviations are localized at segment boundaries, proposing a "seam window" recomputation strategy. This is a sophisticated systems-level optimization that balances accuracy and efficiency. The approach is rigorous, leveraging the specific mathematical properties of linear attention (associativity) to enable caching that was previously thought incompatible.
The evaluation is comprehensive, covering four hybrid-attention models and five distinct workloads. The results show a 2.45x reduction in Time-to-First-Token (TTFT) and up to 2.0x improvement in peak throughput compared to existing systems. Crucially, they maintain accuracy within 3.3 points of full-recompute baselines, which is an acceptable trade-off for the significant latency gains in serving scenarios. The inclusion of tail-latency analysis for long cold requests adds depth, demonstrating that the system effectively mitigates a known pain point in prefix caching. The empirical evidence strongly supports the claims made in the abstract.
The paper provides sufficient technical detail regarding the algebraic primitives and the seam-window recomputation logic. The authors are from major tech companies and universities, suggesting access to robust infrastructure for such experiments. While the full codebase isn't explicitly linked in the provided text, the methodological description is precise enough for replication by systems researchers. The use of standard benchmarks and clear metrics (TTFT, throughput, accuracy delta) ensures that the results are verifiable.
The primary limitation is the accuracy trade-off. While 3.3 points is "close," in high-stakes applications, this deviation might be significant. The "seam window" size is a hyperparameter that likely requires tuning per model and context length. Additionally, the benefits are most pronounced in RAG and agentic workflows with long, composed contexts; for short, single-sequence prompts, the overhead of managing these complex caches might not yield proportional benefits. The paper focuses on serving efficiency rather than training efficiency, limiting its scope to the inference phase.
This work has significant implications for the deployment of next-generation LLMs that utilize hybrid attention for efficiency. By enabling PIC for these models, it reduces the computational cost and latency of RAG and agentic systems, making them more scalable and accessible. This could accelerate the adoption of hybrid-attention architectures in production environments where latency and cost are critical constraints. It also sets a new standard for how systems researchers should approach caching in non-standard attention mechanisms. This paper presents a significant systems contribution by resolving the incompatibility between position-independent caching and hybrid-attention LLMs through novel algebraic primitives and boundary-aware recomputation, enabling substantial latency and throughput improvements for RAG and agentic workloads.